In this report, 64 vulnerabilities have been publicly disclosed. Security patches for 45 of these plugins are available now, so run those updates as soon as possible. If you’re a Solid Security Pro user, the version management tool may have already warned you and updated these plugins, depending on your settings.
Additionally, there are 19 plugin vulnerabilities with no patch available yet. If you’re a Solid Security Pro user, those vulnerabilities are already protected by the Solid Security firewall. Virtual patches from Patchstack will be applied when a vulnerability is considered high or medium risk. If no patch is forthcoming from the vendor or the vulnerable software has been marked “closed” and dropped from the official WordPress repositories, you should deactivate it soon and look for alternative solutions.
WordPress Core
WordPress 6.6.2 is now available! This minor release includes 15 bug fixes in Core and 11 in the Block Editor, addressing issues like unexpected CSS specificity changes in certain themes.
WordPress Plugins � 45 Patched / 19 Unpatched
Form Vibes � Database Manager for Forms
- Plugin Slug:
- form-vibes
- Installations
- 20,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
-
2024-5309
Flaming Forms
- Plugin:
-
Flaming Forms
- Plugin Slug:
- flaming-forms
- Installations
- 30+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
-
2024-7692
Flaming Forms
- Plugin:
-
Flaming Forms
- Plugin Slug:
- flaming-forms
- Installations
- 30+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
-
2024-7691
Pocket Widget
- Plugin:
-
Pocket Widget
- Plugin Slug:
- pocket-widget
- Installations
- 10+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
-
2024-7918
Amelia
- Plugin:
Amelia
- Plugin Slug:
- ameliabooking
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
-
2024-6332
AZIndex
- Plugin:
AZIndex
- Plugin Slug:
- azindex
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
-
2024-7688
AZIndex
- Plugin:
AZIndex
- Plugin Slug:
- azindex
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
-
2024-7687
Cab fare calculator
- Plugin:
Cab fare calculator
- Plugin Slug:
- cab-fare-calculator
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
-
2022-3556
Geo Controller
- Plugin:
Geo Controller
- Plugin Slug:
- cf-geoplugin
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
-
2024-7380
Chatbot Support AI
- Plugin:
Chatbot Support AI
- Plugin Slug:
- chatbot-support-ai
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
-
2024-6722
Cost Calculator Builder Pro
- Plugin:
Cost Calculator Builder Pro
- Plugin Slug:
- cost-calculator-builder-pro
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
-
2024-6010
DN Popup
Dynamic Featured Image
- Plugin:
Dynamic Featured Image
- Plugin Slug:
- dynamic-featured-image
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
-
2024-6929
ForumWP
- Plugin:
ForumWP
- Plugin Slug:
- forumwp
- Vulnerability:
- Privilege Escalation
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
-
2024-8428
RD Station
- Plugin:
RD Station
- Plugin Slug:
- integracao-rd-station
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
-
2024-6894
Preloader Plus – WordPress Loading Screen Plugin
- Plugin:
Preloader Plus – WordPress Loading Screen Plugin
- Plugin Slug:
- preloader-plus
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
-
2024-6849
S.A.F
- Plugin:
S.A.F
- Plugin Slug:
- security-antivirus-firewall
- Vulnerability:
- Bypass Vulnerability
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
-
2022-4529
Slider comparison image before and after
- Plugin:
Slider comparison image before and after
- Plugin Slug:
- slider-comparison-image-before-and-after
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
-
2024-8543
Viral Signup
- Plugin:
Viral Signup
- Plugin Slug:
- viral-signup
- Vulnerability:
- SQL Injection
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
-
2024-6926
LiteSpeed Cache
- Plugin:
-
LiteSpeed Cache
- Plugin Slug:
- litespeed-cache
- Installations
- 6,000,000+
- Vulnerability:
- Broken Authentication
- Patched in Version:
- 6.5.0.1
- Severity Score:
- Critical
- CVE:
-
2024-44000
Ninja Forms � The Contact Form Builder That Grows With You
- Plugin Slug:
- ninja-forms
- Installations
- 800,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.8.11
- Severity Score:
- High
Popup Maker � Boost Sales, Conversions, Optins, Subscribers with the Ultimate WP Popups Builder
- Plugin:
-
Popup Maker � Boost Sales, Conversions, Optins, Subscribers with the Ultimate WP Popups Builder
- Plugin Slug:
- popup-maker
- Installations
- 700,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.19.1
- Severity Score:
- Medium
- CVE:
-
2024-5561
Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder
- Plugin Slug:
- fluentform
- Installations
- 400,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 5.1.19
- Severity Score:
- Medium
- CVE:
-
2024-5053
PixelYourSite � Your smart PIXEL (TAG) & API Manager
- Plugin Slug:
- pixelyoursite
- Installations
- 400,000+
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- 9.7.2
- Severity Score:
- Medium
- CVE:
-
2024-7870
Customizer Export/Import
- Plugin:
-
Customizer Export/Import
- Plugin Slug:
- customizer-export-import
- Installations
- 200,000+
- Vulnerability:
- Arbitrary File Upload
- Patched in Version:
- 0.9.7.1
- Severity Score:
- Medium
- CVE:
-
2024-7620
Ivory Search � WordPress Search Plugin
- Plugin Slug:
- add-search-to-menu
- Installations
- 100,000+
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- 5.5.7
- Severity Score:
- Medium
- CVE:
-
2024-6835
Big File Uploads � Increase Maximum File Upload Size
- Plugin Slug:
- tuxedo-big-file-uploads
- Installations
- 100,000+
- Vulnerability:
- Full Path Disclosure (FPD)
- Patched in Version:
- 2.1.3
- Severity Score:
- Medium
- CVE:
-
2024-8538
Tutor LMS � eLearning and online course solution
- Plugin Slug:
- tutor
- Installations
- 90,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 2.7.5
- Severity Score:
- Medium
- CVE:
-
2023-2919
WP ULike � The Ultimate Engagement Toolkit for Websites
- Plugin Slug:
- wp-ulike
- Installations
- 80,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 4.7.2.1
- Severity Score:
- Medium
- CVE:
-
2024-6792
Master Addons � Free Widgets, Hover Effects, Toggle, Conditions, Animations for Elementor
- Plugin Slug:
- master-addons
- Installations
- 30,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.0.6.5
- Severity Score:
- Medium
- CVE:
-
2024-6282
Content Blocks (Custom Post Widget)
- Plugin Slug:
- custom-post-widget
- Installations
- 20,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.3.6
- Severity Score:
- Medium
- CVE:
-
2024-44051
Bit File Manager � 100% Free & Open Source File Manager and Code Editor for WordPress
- Plugin Slug:
- file-manager
- Installations
- 20,000+
- Vulnerability:
- Arbitrary File Upload
- Patched in Version:
- 6.5.6
- Severity Score:
- Critical
- CVE:
-
2024-7770
Bit File Manager � 100% Free & Open Source File Manager and Code Editor for WordPress
- Plugin Slug:
- file-manager
- Installations
- 20,000+
- Vulnerability:
- Arbitrary File Upload
- Patched in Version:
- 6.5.6
- Severity Score:
- High
- CVE:
-
2024-7627
Secure Copy Content Protection and Content Locking
- Plugin Slug:
- secure-copy-content-protection
- Installations
- 20,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 4.1.7
- Severity Score:
- Medium
- CVE:
-
2024-6888
LifterLMS � WP LMS for eLearning, Online Courses, & Quizzes
- Plugin Slug:
- lifterlms
- Installations
- 10,000+
- Vulnerability:
- SQL Injection
- Patched in Version:
- 7.7.6
- Severity Score:
- High
- CVE:
-
2024-7349
Sensei LMS � Online Courses, Quizzes, & Learning
- Plugin Slug:
- sensei-lms
- Installations
- 10,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 4.24.2
- Severity Score:
- Medium
- CVE:
-
2024-7786
WP Job Portal � A Complete Recruitment System for Company or Job Board website
- Plugin Slug:
- wp-job-portal
- Installations
- 6,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 2.1.7
- Severity Score:
- Critical
- CVE:
-
2024-7950
MultiVendorX � The Ultimate WooCommerce Multivendor Marketplace Solution
- Plugin Slug:
- dc-woocommerce-multi-vendor
- Installations
- 5,000+
- Vulnerability:
- Privilege Escalation
- Patched in Version:
- 4.2.1
- Severity Score:
- High
- CVE:
-
2024-8289
EventON
Pinpoint Booking System � #1 WordPress Booking Plugin
- Plugin Slug:
- booking-system
- Installations
- 4,000+
- Vulnerability:
- SQL Injection
- Patched in Version:
- 2.9.9.5.1
- Severity Score:
- High
- CVE:
-
2024-7112
EventPrime � Events Calendar, Bookings and Tickets
- Plugin Slug:
- eventprime-event-calendar-management
- Installations
- 4,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 4.0.4.4
- Severity Score:
- Medium
- CVE:
-
2024-8369
Remember Me Controls
- Plugin:
-
Remember Me Controls
- Plugin Slug:
- remember-me-controls
- Installations
- 4,000+
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- 2.1
- Severity Score:
- Medium
- CVE:
-
2024-7415
Newsletters
- Plugin:
-
Newsletters
- Plugin Slug:
- newsletters-lite
- Installations
- 3,000+
- Vulnerability:
- Privilege Escalation
- Patched in Version:
- 4.9.9.3
- Severity Score:
- High
- CVE:
-
2024-8247
Community by PeepSo � Social Network, Membership, Registration, User Profiles, Premium � Mobile App
- Plugin:
-
Community by PeepSo � Social Network, Membership, Registration, User Profiles, Premium � Mobile App
- Plugin Slug:
- peepso-core
- Installations
- 3,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 6.4.6.0
- Severity Score:
- Medium
- CVE:
-
2024-7618
Affiliate Super Assistent
- Plugin:
-
Affiliate Super Assistent
- Plugin Slug:
- amazonsimpleadmin
- Installations
- 2,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 1.5.4
- Severity Score:
- Medium
- CVE:
-
2024-8478
Attributes for Blocks
- Plugin:
-
Attributes for Blocks
- Plugin Slug:
- attributes-for-blocks
- Installations
- 2,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.0.7
- Severity Score:
- Medium
- CVE:
-
2024-8318
Frontend Post Submission Manager Lite � Frontend Posting WordPress Plugin
- Plugin Slug:
- frontend-post-submission-manager-lite
- Installations
- 2,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 1.2.3
- Severity Score:
- Medium
- CVE:
-
2024-8427
Share This Image
- Plugin:
-
Share This Image
- Plugin Slug:
- share-this-image
- Installations
- 2,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.03
- Severity Score:
- Medium
- CVE:
-
2024-8363
WP-Recall � Registration, Profile, Commerce & More
- Plugin Slug:
- wp-recall
- Installations
- 2,000+
- Vulnerability:
- Insecure Direct Object References (IDOR)
- Patched in Version:
- 16.26.9
- Severity Score:
- Critical
- CVE:
-
2024-8292
WPCOM Member
- Plugin:
-
WPCOM Member
- Plugin Slug:
- wpcom-member
- Installations
- 2,000+
- Vulnerability:
- Privilege Escalation
- Patched in Version:
- 1.5.3
- Severity Score:
- Critical
- CVE:
-
2024-7493
Advanced Sermons
- Plugin:
-
Advanced Sermons
- Plugin Slug:
- advanced-sermons
- Installations
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.4
- Severity Score:
- Medium
- CVE:
-
2024-7599
Nova Blocks by Pixelgrade
- Plugin:
-
Nova Blocks by Pixelgrade
- Plugin Slug:
- nova-blocks
- Installations
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.1.8
- Severity Score:
- Medium
- CVE:
-
2024-8241
Revision Manager TMC
- Plugin:
-
Revision Manager TMC
- Plugin Slug:
- revision-manager-tmc
- Installations
- 1,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 2.8.20
- Severity Score:
- Medium
- CVE:
-
2024-7622
Sign-up Sheets
- Plugin:
-
Sign-up Sheets
- Plugin Slug:
- sign-up-sheets
- Installations
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.2.13
- Severity Score:
- High
- CVE:
-
2024-6020
WP AdCenter � Ad Manager & Adsense Ads
- Plugin Slug:
- wpadcenter
- Installations
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.5.7
- Severity Score:
- Medium
- CVE:
-
2024-8317
The Ultimate WordPress Toolkit � WP Extended
- Plugin Slug:
- wpextended
- Installations
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.0.9
- Severity Score:
- High
- CVE:
-
2024-8119
The Ultimate WordPress Toolkit � WP Extended
- Plugin Slug:
- wpextended
- Installations
- 1,000+
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- 3.0.9
- Severity Score:
- Medium
- CVE:
-
2024-8106
The Ultimate WordPress Toolkit � WP Extended
- Plugin Slug:
- wpextended
- Installations
- 1,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 3.0.9
- Severity Score:
- High
- CVE:
-
2024-8102
The Ultimate WordPress Toolkit � WP Extended
- Plugin Slug:
- wpextended
- Installations
- 1,000+
- Vulnerability:
- Insecure Direct Object References (IDOR)
- Patched in Version:
- 3.0.9
- Severity Score:
- Medium
- CVE:
-
2024-8123
The Ultimate WordPress Toolkit � WP Extended
- Plugin Slug:
- wpextended
- Installations
- 1,000+
- Vulnerability:
- Arbitrary File Download
- Patched in Version:
- 3.0.9
- Severity Score:
- High
- CVE:
-
2024-8104
The Ultimate WordPress Toolkit � WP Extended
- Plugin Slug:
- wpextended
- Installations
- 1,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 3.0.9
- Severity Score:
- Medium
- CVE:
-
2024-8121
Frontend Dashboard
- Plugin:
-
Frontend Dashboard
- Plugin Slug:
- frontend-dashboard
- Installations
- 900+
- Vulnerability:
- Arbitrary Code Execution
- Patched in Version:
- 2.2.5
- Severity Score:
- High
- CVE:
-
2024-8268
Ninja Forms File Uploads Extension
- Plugin:
Ninja Forms File Uploads Extension
- Plugin Slug:
- ninja-forms-uploads
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.3.18
- Severity Score:
- High
- CVE:
-
2024-1596
PixelYourSite PRO
- Plugin:
PixelYourSite PRO
- Plugin Slug:
- pixelyoursite-pro
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- 10.4.3
- Severity Score:
- Medium
- CVE:
-
2024-7870