Nexcess.com Servers.com LiquidWeb.com

Line illustration showing a black application window on a red gradient background overlaid with a large exclamation point alert icon and three bugs.

WordPress Vulnerability Report � October 16, 2024

In this report, 176 vulnerabilities have been publicly disclosed. Security patches for 87 of these plugins and themes are available now, so run those updates as soon as possible. If you’re a Solid Security Pro user, the version management tool may have already warned you and updated these plugins, depending on your settings.

Additionally, there are 89 plugin and theme vulnerabilities with no patch available yet. If you’re a Solid Security Pro user, those vulnerabilities are already protected by the Solid Security firewall. Virtual patches from Patchstack will be applied when a vulnerability is considered high or medium risk. If no patch is forthcoming from the vendor or the vulnerable software has been marked “closed” and dropped from the official WordPress repositories, you should deactivate it soon and look for alternative solutions.

WordPress Core

WordPress 6.7 Beta 2 is ready for testing! This beta version of the WordPress software is under development. Don’t install, run, or test this version of WordPress on production or mission-critical websites. Instead, it is recommended you evaluate Beta 2 on a test server and site.

WordPress Plugins � 87 Patched / 86 Unpatched

Plugin:: TI WooCommerce Wishlist
Plugin Slug:: ti-woocommerce-wishlist
Installations: 100,000+
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2024-9156

Plugin:: BuddyPress Docs
Plugin Slug:: buddypress-docs
Installations: 8,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-9207

Plugin:: Youzify � BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress
Plugin Slug:: youzify
Installations: 8,000+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-9067

Plugin:: Youzify � BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress
Plugin Slug:: youzify
Installations: 8,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-8987

Plugin:: TS Poll � Survey, Versus Poll, Image Poll, Video Poll
Plugin Slug:: poll-wp
Installations: 5,000+
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-9022

Plugin:: Linkz.ai � Automatic link previews on hover
Plugin Slug:: linkz-ai
Installations: 90+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-9587

Plugin:: Linkz.ai � Automatic link previews on hover
Plugin Slug:: linkz-ai
Installations: 90+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-9586

Plugin:: 2D Tag Cloud
Plugin Slug:: 2d-tag-cloud-widget-by-sujin
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-9670

Plugin:: AB Categories Search Widget
Plugin Slug:: ab-categories-search-widget
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-49240

Plugin:: ACF Images Search And Insert
Plugin Slug:: acf-images-search-and-insert
Vulnerability:: Arbitrary File Upload
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2024-48035

Plugin:: Add Categories Post Footer
Plugin Slug:: add-categories-post-footer
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-49239

Plugin:: ADIF Log Search Widget
Plugin Slug:: adif-log-search-widget
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-49238

Plugin:: Advanced Blocks Pro
Plugin Slug:: advanced-blocks-pro
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-9074

Plugin:: Ahime Image Printer
Plugin Slug:: ahime-image-printer
Vulnerability:: Arbitrary File Download
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-49245

Plugin:: Ahmeti Wp Timeline
Plugin Slug:: ahmeti-wp-timeline
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-49237

Plugin:: Ajax Custom CSS/JS
Plugin Slug:: ajax-awesome-css
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-49230

Plugin:: ajax-extend
Plugin Slug:: ajax-extend
Vulnerability:: Remote Code Execution (RCE)
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2024-49254

Plugin:: Ajax Rating with Custom Login
Plugin Slug:: ajax-rating-with-custom-login
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2024-49246

Plugin:: Analyse Uploads
Plugin Slug:: analyse-uploads
Vulnerability:: Arbitrary File Deletion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-49253

Plugin:: Arkhe Blocks
Plugin Slug:: arkhe-blocks
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-49261

Plugin:: Azz Anonim Posting
Plugin Slug:: azz-anonim-posting
Vulnerability:: Arbitrary File Upload
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2024-49257

Plugin:: Better Author Bio
Plugin Slug:: better-author-bio
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-49229

Plugin:: BuddyPress Better Registration
Plugin Slug:: better-bp-registration
Vulnerability:: Broken Authentication
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2024-49247

Plugin:: Booking.com Banner Creator
Plugin Slug:: bookingcom-banner-creator
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-49265

Plugin:: Bot for Telegram on WooCommerce
Plugin Slug:: bot-for-telegram-on-woocommerce
Vulnerability:: Sensitive Data Exposure
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-9821

Plugin:: bVerse Convert
Plugin Slug:: bverse-convert
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-49228

Plugin:: CJ Change Howdy
Plugin Slug:: cj-change-howdy
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-49223

Plugin:: Cookie Scanner
Plugin Slug:: cookie-scanner
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-49220

Plugin:: Country Flags for Elementor
Plugin Slug:: country-flags-for-elementor
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-49262

Plugin:: Crazy Call To Action Box
Plugin Slug:: crazy-call-to-action-box
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-49236

Plugin:: Creates 3D Flipbook, PDF Flipbook
Plugin Slug:: create-flipbook-from-pdf
Vulnerability:: Arbitrary File Upload
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2024-48034

Plugin:: cSlider
Plugin Slug:: cslider
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-49221

Plugin:: WP Builder
Plugin Slug:: cssjockey-add-ons
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-9457

Plugin:: CSV Product Import Export for WooCommerce
Plugin Slug:: csv-wc-product-import-export
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-49244

Plugin:: Curator.io
Plugin Slug:: curatorio
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-9057

Plugin:: Digital Lottery
Plugin Slug:: digital-lottery
Vulnerability:: Arbitrary File Upload
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2024-49242

Plugin:: Disc Golf Manager
Plugin Slug:: disc-golf-manager
Vulnerability:: PHP Object Injection
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2024-48026

Plugin:: Dynamic Elementor Addons
Plugin Slug:: dynamic-elementor-addons
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-49243

Plugin:: Easy Social Share Buttons
Plugin Slug:: easy-social-share-buttons
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-8729

Plugin:: Events Addon for Elementor
Plugin Slug:: events-addon-for-elementor
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-49264

Plugin:: External featured image from bing
Plugin Slug:: external-featured-image-from-bing
Vulnerability:: Remote Code Execution (RCE)
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2024-48027

Plugin:: Featured Posts with Multiple Custom Groups (FPMCG)
Plugin Slug:: featured-posts-with-multiple-custom-groups-fpmcg
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-48032

Plugin:: Featured Posts with Multiple Custom Groups (FPMCG)
Plugin Slug:: featured-posts-with-multiple-custom-groups-fpmcg
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-48031

Plugin:: Feed Comments Number
Plugin Slug:: feed-comments-number
Vulnerability:: Arbitrary File Upload
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2024-49216

Plugin:: Free Stock Photos Foter
Plugin Slug:: free-stock-photos-foter
Vulnerability:: PHP Object Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-49227

Plugin:: GDPR-Extensions-com
Plugin Slug:: gdpr-consent-manager
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-9072

Plugin:: Elementor Inline SVG
Plugin Slug:: inline-svg-elementor
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-9064

Plugin:: IP Loc8
Plugin Slug:: ip-loc8
Vulnerability:: PHP Object Injection
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2024-48028

Plugin:: Keep Backup Daily
Plugin Slug:: keep-backup-daily
Vulnerability:: Sensitive Data Exposure
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-48024

Plugin:: WordPress Gallery Plugin � Limb Image Gallery
Plugin Slug:: limb-gallery
Vulnerability:: Arbitrary File Upload
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2024-49260

Plugin:: WordPress Gallery Plugin � Limb Image Gallery
Plugin Slug:: limb-gallery
Vulnerability:: Arbitrary File Download
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-49258

Plugin:: Linked Variation for WooCommerce
Plugin Slug:: linked-variation-for-woocommerce
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-48047

Plugin:: Contact Forms, Live Support, CRM, Video Messages
Plugin Slug:: live-support-tickets
Vulnerability:: Sensitive Data Exposure
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-49235

Plugin:: Maan Addons For Elementor
Plugin Slug:: maan-elementor-addons
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-49251

Plugin:: Forms for Mailchimp by Optin Cat
Plugin Slug:: mailchimp-wp
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-7489

Plugin:: Marketing and SEO Booster
Plugin Slug:: marketing-and-seo-booster
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-9066

Plugin:: MAS Elementor
Plugin Slug:: mas-addons-for-elementor
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-49233

Plugin:: El mejor Cluster
Plugin Slug:: mejorcluster
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-49232

Plugin:: Mighty Builder
Plugin Slug:: mighty-builder
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-48049

Plugin:: Mitm Bug Tracker
Plugin Slug:: mitm-bug-tracker
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-49224

Plugin:: My Favorites
Plugin Slug:: my-favorites
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-49263

Plugin:: Mynx Page Builder
Plugin Slug:: mynx-page-builder
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-9656

Plugin:: Easy PayPal Gift Certificate
Plugin Slug:: paypal-gift-certificate
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-9592

Plugin:: Pedalo Connector
Plugin Slug:: pedalo-connector
Vulnerability:: Broken Authentication
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2024-9822

Plugin:: Plexx Elementor Extension
Plugin Slug:: plexx-elementor-extension
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-49234

Plugin:: QA Analytics
Plugin Slug:: qa-heatmap-analytics
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-8513

Plugin:: Read more By Adam
Plugin Slug:: read-more
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-9187

Plugin:: Recently
Plugin Slug:: recently-viewed-most-viewed-and-sold-products-for-woocommerce
Vulnerability:: PHP Object Injection
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2024-49218

Plugin:: Restaurant Reservations Widget
Plugin Slug:: restaurantconnect-reswidget
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-48023

Plugin:: RS-Members
Plugin Slug:: rs-members
Vulnerability:: Privilege Escalation
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-49219

Plugin:: Shortcode For Elementor Templates
Plugin Slug:: shortcode-support-for-elementor-templates
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-48022

Plugin:: Shortcodes AnyWhere
Plugin Slug:: shortcodes-anywhere
Vulnerability:: Content Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-9581

Plugin:: Simple Baseball Scoreboard
Plugin Slug:: simple-baseball-scoreboard
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-48025

Plugin:: Table of Contents Plus
Plugin Slug:: table-of-contents-plus
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-49250

Plugin:: TAKETIN To WP Membership
Plugin Slug:: taketin-to-wp-membership
Vulnerability:: PHP Object Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-49226

Plugin:: Talkback
Plugin Slug:: talkback-secure-linkback-protocol
Vulnerability:: PHP Object Injection
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2024-48033

Plugin:: Telecash Ricaricaweb
Plugin Slug:: telecash-ricaricaweb
Vulnerability:: PHP Object Injection
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2024-48030

Plugin:: Tito
Plugin Slug:: tito
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-49241

Plugin:: Unlimited Addon For Elementor
Plugin Slug:: unlimited-addon-for-elementor
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-49267

Plugin:: Adding drop down roles in registration
Plugin Slug:: user-drop-down-roles-in-registration
Vulnerability:: Privilege Escalation
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2024-49217

Plugin:: UserPlus
Plugin Slug:: userplus
Vulnerability:: Privilege Escalation
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-9519

Plugin:: WordPress Video
Plugin Slug:: wordpress-video
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-49231

Plugin:: WP-Spreadplugin
Plugin Slug:: wp-spreadplugin
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-49266

Plugin:: WP Users Masquerade
Plugin Slug:: wp-users-masquerade
Vulnerability:: Broken Authentication
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-9522

Plugin:: wpPricing Builder
Plugin Slug:: wppricing-builder-lite-responsive-pricing-table-builder
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-49225

Plugin:: Wsify Widget
Plugin Slug:: wsify-widget
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-48048

Plugin:: Elementor Website Builder � More than Just a Page Builder
Plugin Slug:: elementor
Installations: 10,000,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 3.24.6
Severity Score:: Medium
CVE:: 2024-6757

Plugin:: WooCommerce
Plugin Slug:: woocommerce
Installations: 7,000,000+
Vulnerability:: Content Injection
Patched in Version:: 9.1.0
Severity Score:: Medium
CVE:: 2024-9944

Plugin:: Jetpack � WP Security, Backup, Speed, & Growth
Plugin Slug:: jetpack
Installations: 4,000,000+
Vulnerability:: Broken Access Control
Patched in Version:: 13.9.1
Severity Score:: Medium
CVE:: 2024-9926

Plugin:: Secure Custom Fields
Plugin Slug:: advanced-custom-fields
Installations: 2,000,000+
Vulnerability:: Arbitrary Code Execution
Patched in Version:: 6.3.6.1
Severity Score:: Medium
CVE:: 2024-9529

Plugin:: TablePress � Tables in WordPress made easy
Plugin Slug:: tablepress
Installations: 700,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.4.3
Severity Score:: Medium
CVE:: 2024-9595

Plugin:: Happy Addons for Elementor
Plugin Slug:: happy-elementor-addons
Installations: 400,000+
Vulnerability:: Broken Access Control
Patched in Version:: 3.12.4
Severity Score:: Medium
CVE:: 2024-48045

Plugin:: Royal Elementor Addons and Templates
Plugin Slug:: royal-elementor-addons
Installations: 400,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.3.987
Severity Score:: Medium
CVE:: 2024-8482

Plugin:: Ad Inserter � Ad Manager & AdSense Ads
Plugin Slug:: ad-inserter
Installations: 300,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.7.38
Severity Score:: High
CVE:: 2024-49248

Plugin:: ShortPixel Image Optimizer � Optimize Images, Convert WebP & AVIF
Plugin Slug:: shortpixel-image-optimiser
Installations: 300,000+
Vulnerability:: Broken Access Control
Patched in Version:: 5.6.4
Severity Score:: Medium
CVE:: 2024-48044

Plugin:: ShortPixel Image Optimizer � Optimize Images, Convert WebP & AVIF
Plugin Slug:: shortpixel-image-optimiser
Installations: 300,000+
Vulnerability:: SQL Injection
Patched in Version:: 5.6.4
Severity Score:: High
CVE:: 2024-48043

Plugin:: Unlimited Elements For Elementor (Free Widgets, Addons, Templates)
Plugin Slug:: unlimited-elements-for-elementor
Installations: 300,000+
Vulnerability:: Remote Code Execution (RCE)
Patched in Version:: 1.5.122
Severity Score:: Critical
CVE:: 2024-49271

Plugin:: Photo Gallery by 10Web � Mobile-Friendly Image Gallery
Plugin Slug:: photo-gallery
Installations: 200,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.8.28
Severity Score:: Medium
CVE:: 2024-5968

Plugin:: Elementor Addon Elements
Plugin Slug:: addon-elements-for-elementor-page-builder
Installations: 100,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 1.13.9
Severity Score:: Medium
CVE:: 2024-8902

Plugin:: Custom Twitter Feeds � A Tweets Widget or X Feed Widget
Plugin Slug:: custom-twitter-feeds
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.2.3
Severity Score:: Medium
CVE:: 2024-8983

Plugin:: Newsletter, SMTP, Email marketing and Subscribe forms by Brevo (formely Sendinblue)
Plugin Slug:: mailin
Installations: 100,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 3.1.88
Severity Score:: Medium
CVE:: 2024-8477

Plugin:: Relevanssi � A Better Search
Plugin Slug:: relevanssi
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.23.1
Severity Score:: Medium
CVE:: 2024-9021

Plugin:: Stackable � Page Builder Gutenberg Blocks
Plugin Slug:: stackable-ultimate-gutenberg-blocks
Installations: 100,000+
Vulnerability:: Broken Access Control
Patched in Version:: 3.13.7
Severity Score:: Medium
CVE:: 2024-8760

Plugin:: The Plus Addons for Elementor � Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce
Plugin Slug:: the-plus-addons-for-elementor-page-builder
Installations: 100,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 5.6.12
Severity Score:: Medium
CVE:: 2024-8913

Plugin:: WooCommerce Multilingual & Multicurrency with WPML
Plugin Slug:: woocommerce-multilingual
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.3.8
Severity Score:: High
CVE:: 2024-8629

Plugin:: ShopLentor � WooCommerce Builder for Elementor & Gutenberg +12 Modules � All in One Solution (formerly WooLentor)
Plugin Slug:: woolentor-addons
Installations: 100,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 2.9.9
Severity Score:: Medium
CVE:: 2024-9538

Plugin:: SlimStat Analytics
Plugin Slug:: wp-slimstat
Installations: 90,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.2.7
Severity Score:: High
CVE:: 2024-9548

Plugin:: Photo Gallery, Images, Slider in Rbs Image Gallery
Plugin Slug:: robo-gallery
Installations: 50,000+
Vulnerability:: Broken Access Control
Patched in Version:: 3.2.22
Severity Score:: Medium
CVE:: 2024-8431

Plugin:: Download Plugins and Themes in ZIP from Dashboard
Plugin Slug:: download-plugins-dashboard
Installations: 40,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.9.2
Severity Score:: High
CVE:: 2024-9232

Plugin:: WPIDE � File Manager & Code Editor
Plugin Slug:: wpide
Installations: 40,000+
Vulnerability:: Full Path Disclosure (FPD)
Patched in Version:: 3.5.0
Severity Score:: Medium
CVE:: 2024-9546

Plugin:: FULL � Cliente
Plugin Slug:: full-customer
Installations: 30,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.1.23
Severity Score:: High
CVE:: 2024-9211

Plugin:: PowerPress Podcasting plugin by Blubrry
Plugin Slug:: powerpress
Installations: 30,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 11.9.19
Severity Score:: Medium
CVE:: 2024-9543

Plugin:: VOD Infomaniak
Plugin Slug:: vod-infomaniak
Installations: 30,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.5.8
Severity Score:: Medium
CVE:: 2024-49274

Plugin:: Embed PDF Viewer
Plugin Slug:: embed-pdf-viewer
Installations: 20,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.4.5
Severity Score:: Medium
CVE:: 2024-9451

Plugin:: Smart Post Show � Post Grid, Post Carousel, Post Slider, Post Timeline, Post Table, and List Category Posts, Latest Posts, Recent Posts, Popular Posts and More
Plugin Slug:: post-carousel
Installations: 20,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.0.1
Severity Score:: Medium
CVE:: 2024-8187

Plugin:: WordPress File Upload
Plugin Slug:: wp-file-upload
Installations: 20,000+
Vulnerability:: Path Traversal
Patched in Version:: 4.24.12
Severity Score:: Critical
CVE:: 2024-9047

Plugin:: Backup and Staging by WP Time Capsule
Plugin Slug:: wp-time-capsule
Installations: 20,000+
Vulnerability:: SQL Injection
Patched in Version:: 1.22.22
Severity Score:: High
CVE:: 2024-48020

Plugin:: Contact Form 7 � PayPal & Stripe Add-on
Plugin Slug:: contact-form-7-paypal-add-on
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.3.1
Severity Score:: High
CVE:: 2024-48021

Plugin:: Hunk Companion
Plugin Slug:: hunk-companion
Installations: 10,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.8.5
Severity Score:: High
CVE:: 2024-9707

Plugin:: PublishPress Revisions: Duplicate Posts, Submit, Approve and Schedule Content Changes
Plugin Slug:: revisionary
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.5.15
Severity Score:: High
CVE:: 2024-9436

Plugin:: WP Post Author � Boost Your Blog’s Engagement with Author Box, Social Links, Co-Authors, Guest Authors, Post Rating System, and Custom User Registration Form Builder
Plugin Slug:: wp-post-author
Installations: 10,000+
Vulnerability:: SQL Injection
Patched in Version:: 3.8.2
Severity Score:: High
CVE:: 2024-8757

Plugin:: Contact Form by Supsystic
Plugin Slug:: contact-form-by-supsystic
Installations: 9,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.7.29
Severity Score:: Medium
CVE:: 2024-48046

Plugin:: Contact Form by Supsystic
Plugin Slug:: contact-form-by-supsystic
Installations: 9,000+
Vulnerability:: Remote Code Execution (RCE)
Patched in Version:: 1.7.29
Severity Score:: Critical
CVE:: 2024-48042

Plugin:: GutenKit � Page Builder Blocks, Patterns, and Templates for Gutenberg Block Editor
Plugin Slug:: gutenkit-blocks-addon
Installations: 9,000+
Vulnerability:: Arbitrary File Upload
Patched in Version:: 2.1.1
Severity Score:: Critical
CVE:: 2024-9234

Plugin:: CM Tooltip Glossary
Plugin Slug:: enhanced-tooltipglossary
Installations: 8,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.3.11
Severity Score:: Medium
CVE:: 2024-48041

Plugin:: Primary Addon for Elementor
Plugin Slug:: primary-addon-for-elementor
Installations: 8,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.5.9
Severity Score:: Medium
CVE:: 2024-49259

Plugin:: Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder
Plugin Slug:: bit-form
Installations: 7,000+
Vulnerability:: Arbitrary File Download
Patched in Version:: 2.15.3
Severity Score:: Medium
CVE:: 2024-9507

Plugin:: ProfileGrid � User Profiles, Groups and Communities
Plugin Slug:: profilegrid-user-profiles-groups-and-communities
Installations: 7,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 5.9.3.1
Severity Score:: Medium
CVE:: 2024-49273

Plugin:: Survey Maker
Plugin Slug:: survey-maker
Installations: 6,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.9.6
Severity Score:: Medium
CVE:: 2024-8488

Plugin:: Auto iFrame
Plugin Slug:: auto-iframe
Installations: 5,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.8
Severity Score:: Medium
CVE:: 2024-9449

Plugin:: Easy Mega Menu Plugin for WordPress � ThemeHunk
Plugin Slug:: themehunk-megamenu-plus
Installations: 5,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.1.1
Severity Score:: Medium
CVE:: 2024-8433

Plugin:: WP Ultimate Post Grid
Plugin Slug:: wp-ultimate-post-grid
Installations: 5,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.0.0
Severity Score:: Medium
CVE:: 2024-9051

Plugin:: CubeWP � All-in-One Dynamic Content Framework
Plugin Slug:: cubewp-framework
Installations: 4,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.1.16
Severity Score:: Medium
CVE:: 2024-48039

Plugin:: Social Sharing (by Danny)
Plugin Slug:: dvk-social-sharing
Installations: 4,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.3.8
Severity Score:: Medium
CVE:: 2024-9704

Plugin:: Category Icon
Plugin Slug:: category-icon
Installations: 3,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.0.1
Severity Score:: Medium
CVE:: 2024-8915

Plugin:: WordPress Comments Import & Export
Plugin Slug:: comments-import-export-woocommerce
Installations: 3,000+
Vulnerability:: Directory Traversal
Patched in Version:: 2.3.9
Severity Score:: Medium
CVE:: 2024-7514

Plugin:: Products, Order & Customers Export for WooCommerce
Plugin Slug:: export-woocommerce
Installations: 3,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.1.0
Severity Score:: High
CVE:: 2024-9377

Plugin:: Htaccess File Editor � Easily Edit, Backup, Restore .htaccess file
Plugin Slug:: htaccess-file-editor
Installations: 3,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.0.19
Severity Score:: Medium
CVE:: 2024-49256

Plugin:: Notification for Telegram
Plugin Slug:: notification-for-telegram
Installations: 3,000+
Vulnerability:: Broken Access Control
Patched in Version:: 3.3.2
Severity Score:: Medium
CVE:: 2024-9685

Plugin:: Embed videos and respect privacy
Plugin Slug:: video-embed-privacy
Installations: 3,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.3
Severity Score:: High
CVE:: 2024-9346

Plugin:: BlockMeister � Block Pattern Builder
Plugin Slug:: blockmeister
Installations: 2,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.1.11
Severity Score:: High
CVE:: 2024-9616

Plugin:: Smart Online Order for Clover
Plugin Slug:: clover-online-orders
Installations: 2,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.5.8
Severity Score:: Medium
CVE:: 2024-9895

Plugin:: Leyka
Plugin Slug:: leyka
Installations: 2,000+
Vulnerability:: Full Path Disclosure (FPD)
Patched in Version:: 3.31.7
Severity Score:: Medium
CVE:: 2024-49252

Plugin:: SKT Blocks � Gutenberg based Page Builder
Plugin Slug:: skt-blocks
Installations: 2,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.7
Severity Score:: Medium
CVE:: 2024-48036

Plugin:: Smart Blocks
Plugin Slug:: smart-blocks
Installations: 2,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.1
Severity Score:: Medium
CVE:: 2024-49270

Plugin:: IdeaPush
Plugin Slug:: ideapush
Installations: 1,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 8.71
Severity Score:: Medium
CVE:: 2024-49275

Plugin:: Increase upload file size & Maximum Execution Time limit
Plugin Slug:: increase-upload-file-size-maximum-execution-time-limit
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.0
Severity Score:: High
CVE:: 2024-9611

Plugin:: Language Switcher
Plugin Slug:: language-switcher
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.8.0
Severity Score:: High
CVE:: 2024-9610

Plugin:: Maximum Products per User for WooCommerce
Plugin Slug:: maximum-products-per-user-for-woocommerce
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.2.9
Severity Score:: High
CVE:: 2024-9205

Plugin:: Contact Form Widget � Contact Query, Contact Page, Form Maker, Query Table
Plugin Slug:: new-contact-form-widget
Installations: 1,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.4.3
Severity Score:: Medium
CVE:: 2024-48037

Plugin:: Order Attachments for WooCommerce
Plugin Slug:: order-attachments-for-woocommerce
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.5.0
Severity Score:: Medium
CVE:: 2024-9756

Plugin:: Rescue Shortcodes
Plugin Slug:: rescue-shortcodes
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.9
Severity Score:: Medium
CVE:: 2024-9696

Plugin:: Image Optimizer, Resizer and CDN � Sirv
Plugin Slug:: sirv
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 7.3.0
Severity Score:: Medium
CVE:: 2024-8964

Plugin:: Tainacan
Plugin Slug:: tainacan
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 0.21.11
Severity Score:: High
CVE:: 2024-9221

Plugin:: Tainacan
Plugin Slug:: tainacan
Installations: 1,000+
Vulnerability:: SQL Injection
Patched in Version:: 0.21.9
Severity Score:: High
CVE:: 2024-48040

Plugin:: wp-Monalisa
Plugin Slug:: wp-monalisa
Installations: 1,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 6.5
Severity Score:: Medium
CVE:: 2024-48038

Plugin:: WordPress WP-Advanced-Search
Plugin Slug:: wp-advanced-search
Installations: 600+
Vulnerability:: SQL Injection
Patched in Version:: 3.3.9.2
Severity Score:: Critical
CVE:: 2024-9796

Plugin:: AADMY � Add Auto Date Month Year Into Posts
Plugin Slug:: auto-date-year-month
Installations: 300+
Vulnerability:: Content Injection
Patched in Version:: 2.0.2
Severity Score:: Medium
CVE:: 2024-9837

Plugin:: Da Reactions
Plugin Slug:: da-reactions
Installations: 200+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.2.0
Severity Score:: Medium
CVE:: 2024-49255

Plugin:: Limit Login Attempts (Spam Protection)
Plugin Slug:: wp-limit-failed-login-attempts
Installations: 200+
Vulnerability:: Bypass Vulnerability
Patched in Version:: 5.4
Severity Score:: Medium
CVE:: 2022-4534

Plugin:: ImagePress � Image Gallery
Plugin Slug:: image-gallery
Installations: 100+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.3.0
Severity Score:: Medium
CVE:: 2024-9778

Plugin:: ImagePress � Image Gallery
Plugin Slug:: image-gallery
Installations: 100+
Vulnerability:: Broken Access Control
Patched in Version:: 1.3.0
Severity Score:: Medium
CVE:: 2024-9824

Plugin:: ImagePress � Image Gallery
Plugin Slug:: image-gallery
Installations: 100+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.3.0
Severity Score:: Medium
CVE:: 2024-9776

Plugin:: pretix widget
Plugin Slug:: pretix-widget
Installations: 100+
Vulnerability:: Local File Inclusion
Patched in Version:: 1.0.6
Severity Score:: High
CVE:: 2024-9575

Plugin:: WP 2FA with Telegram
Plugin Slug:: two-factor-login-telegram
Installations: 100+
Vulnerability:: Broken Authentication
Patched in Version:: 3.1
Severity Score:: High
CVE:: 2024-9687

Plugin:: WP 2FA with Telegram
Plugin Slug:: two-factor-login-telegram
Installations: 100+
Vulnerability:: Bypass Vulnerability
Patched in Version:: 3.1
Severity Score:: Medium
CVE:: 2024-9820

Plugin:: SB Random Posts Widget
Plugin Slug:: sb-random-posts-widget
Installations: 10+
Vulnerability:: Local File Inclusion
Patched in Version:: 1.1
Severity Score:: High
CVE:: 2024-48029

Plugin:: Advanced Custom Fields PRO
Plugin Slug:: advanced-custom-fields-pro
Vulnerability:: Arbitrary Code Execution
Patched in Version:: 6.3.8
Severity Score:: Medium
CVE:: 2024-9529

Plugin:: Bridge Core
Plugin Slug:: bridge-core
Vulnerability:: Broken Access Control
Patched in Version:: 3.3.1
Severity Score:: Medium
CVE:: 2024-9860

Plugin:: CMSMasters Content Composer
Plugin Slug:: cmsmasters-content-composer
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.9.0
Severity Score:: Medium
CVE:: 2024-7963

Plugin:: LatePoint
Plugin Slug:: latepoint
Vulnerability:: Broken Authentication
Patched in Version:: 5.0.13
Severity Score:: Critical
CVE:: 2024-8943

Plugin:: LatePoint
Plugin Slug:: latepoint
Vulnerability:: SQL Injection
Patched in Version:: 5.0.12
Severity Score:: Critical
CVE:: 2024-8911

Plugin:: Social Auto Poster
Plugin Slug:: social-auto-poster
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 5.3.16
Severity Score:: Medium
CVE:: 2024-49272

WordPress Themes � 0 Patched / 3 Unpatched

Theme:: disconnected
Theme Slug:: disconnected
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-49268

Theme:: my flatonica
Theme Slug:: my-flatonica
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-49269

Theme:: my wooden under construction
Theme Slug:: my-wooden-under-construction
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-49269