WordPress Vulnerability Report � September 4, 2024

In this report, 167 vulnerabilities have been publicly disclosed. Security patches for 98 of these plugins and themes are available now, so run those updates as soon as possible. If you’re a Solid Security Pro user, the version management tool may have already warned you and updated these plugins, depending on your settings.

Additionally, there are 69 plugin and theme vulnerabilities with no patch available yet. If you’re a Solid Security Pro user, those vulnerabilities are already protected by the Solid Security firewall. Virtual patches from Patchstack will be applied when a vulnerability is considered high or medium risk. If no patch is forthcoming from the vendor or the vulnerable software has been marked “closed” and dropped from the official WordPress repositories, you should deactivate it soon and look for alternative solutions.

WordPress Core

WordPress 6.6.1 is available! This minor release features 7 bug fixes in Core and 9 bug fixes for the Block Editor. You can review a summary of the maintenance updates in this release by reading the Release Candidate announcement.

WordPress Plugins � 92 Patched / 51 Unpatched

Plugin:: Popup Builder � Create highly converting, mobile friendly marketing popups.
Plugin Slug:: popup-builder
Installations: 200,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-2541

Plugin:: YARPP � Yet Another Related Posts Plugin
Plugin Slug:: yet-another-related-posts-plugin
Installations: 100,000+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-43919

Plugin:: Premium Portfolio Features for Phlox theme
Plugin Slug:: auxin-portfolio
Installations: 50,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-1384

Plugin:: Custom Field Template
Plugin Slug:: custom-field-template
Installations: 40,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-44062

Plugin:: DSGVO All in one for WP
Plugin Slug:: dsgvo-all-in-one-for-wp
Installations: 20,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-43964

Plugin:: Premium SEO Pack � WP SEO Plugin
Plugin Slug:: premium-seo-pack
Installations: 10,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-3679

Plugin:: Like Button Rating ? LikeBtn
Plugin Slug:: likebtn-like-button
Installations: 5,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-44064

Plugin:: Maintenance & Coming Soon Redirect Animation
Plugin Slug:: maintenance-coming-soon-redirect-animation
Installations: 5,000+
Vulnerability:: Bypass Vulnerability
Patched in Version:: No Fix
Severity Score:: Low
CVE:: 2024-43944

Plugin:: EU/UK VAT Manager for WooCommerce
Plugin Slug:: eu-vat-for-woocommerce
Installations: 4,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-44061

Plugin:: Super Testimonials
Plugin Slug:: super-testimonial
Installations: 3,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2024-43959

Plugin:: SKT Blocks � Gutenberg based Page Builder
Plugin Slug:: skt-blocks
Installations: 2,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-43946

Plugin:: Web and WooCommerce Addons for WPBakery Builder
Plugin Slug:: vc-addons-by-bit14
Installations: 2,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-43960

Plugin:: Classic Addons � WPBakery Page Builder
Plugin Slug:: classic-addons-wpbakery-page-builder-addons
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-43953

Plugin:: Custom Query Blocks
Plugin Slug:: post-type-archive-mapping
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-44059

Plugin:: SendGrid for WordPress
Plugin Slug:: wp-sendgrid-mailer
Installations: 1,000+
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-43965

Plugin:: Flaming Forms
Plugin Slug:: flaming-forms
Installations: 30+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-7692

Plugin:: Flaming Forms
Plugin Slug:: flaming-forms
Installations: 30+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-7691

Plugin:: Animated Number Counters
Plugin Slug:: animated-number-counters
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-43957

Plugin:: azurecurve Toggle Show/Hide
Plugin Slug:: azurecurve-toggle-showhide
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-43961

Plugin:: Blog Introduction
Plugin Slug:: blogintroduction-wordpress-plugin
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-7862

Plugin:: Brickscore
Plugin Slug:: brickscore
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-43950

Plugin:: DN Popup
Plugin Slug:: dn-popup
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-7690

Plugin:: Droip
Plugin Slug:: droip
Vulnerability:: Arbitrary File Deletion
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2024-43955

Plugin:: Droip
Plugin Slug:: droip
Vulnerability:: Settings Change
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-43954

Plugin:: Enhanced Search Box
Plugin Slug:: extended-search-plugin
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-8091

Plugin:: GHActivity
Plugin Slug:: ghactivity
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-43949

Plugin:: Gixaw Chat
Plugin Slug:: gixaw-chat
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-7816

Plugin:: ILC Thickbox
Plugin Slug:: ilc-thickbox
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-7820

Plugin:: infolinks Ad Wrap
Plugin Slug:: infolinks-ad-wrap
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-8044

Plugin:: Justified Image Grid
Plugin Slug:: justified-image-grid
Vulnerability:: Server Side Request Forgery (SSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-43989

Plugin:: LatePoint
Plugin Slug:: latepoint
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-43992

Plugin:: LatePoint
Plugin Slug:: latepoint
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-43945

Plugin:: LWS Affiliation
Plugin Slug:: lws-affiliation
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-43962

Plugin:: Memberpress
Plugin Slug:: memberpress
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-43956

Plugin:: Misiek Paypal
Plugin Slug:: misiek-paypal
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-7861

Plugin:: Misiek Photo Album
Plugin Slug:: misiek-photo-album
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-7818

Plugin:: Misiek Photo Album
Plugin Slug:: misiek-photo-album
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-7817

Plugin:: Music Request Manager
Plugin Slug:: music-request-manager
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-6018

Plugin:: Music Request Manager
Plugin Slug:: music-request-manager
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-6019

Plugin:: Music Request Manager
Plugin Slug:: music-request-manager
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-6017

Plugin:: Propovoice Pro
Plugin Slug:: propovoice-pro
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2024-43941

Plugin:: Review Ratings
Plugin Slug:: ratings-shorttags
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-8052

Plugin:: Simple Headline Rotator
Plugin Slug:: simple-headline-rotator
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-7860

Plugin:: Special Feed Items
Plugin Slug:: special-feed-items
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-8051

Plugin:: Vikinghammer Tweet
Plugin Slug:: vikinghammer-tweet
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-8043

Plugin:: Viral Signup
Plugin Slug:: viral-signup
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-6927

Plugin:: Visual Sound (old)
Plugin Slug:: visual-sound-widget-for-soundcloud-and-artistplugme-visualdreams
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-8047

Plugin:: WP Testimonial Widget
Plugin Slug:: wp-testimonial-widget
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-43967

Plugin:: WP Testimonial Widget
Plugin Slug:: wp-testimonial-widget
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-43966

Plugin:: Z Y N I T H
Plugin Slug:: zynith-seo
Vulnerability:: Settings Change
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-43940

Plugin:: Z Y N I T H
Plugin Slug:: zynith-seo
Vulnerability:: Settings Change
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-43939

Plugin:: Ninja Forms � The Contact Form Builder That Grows With You
Plugin Slug:: ninja-forms
Installations: 800,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.8.11
Severity Score:: High

Plugin:: Ninja Forms � The Contact Form Builder That Grows With You
Plugin Slug:: ninja-forms
Installations: 800,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.8.12
Severity Score:: Medium
CVE:: 2024-43999

Plugin:: Page Builder Gutenberg Blocks � CoBlocks
Plugin Slug:: coblocks
Installations: 400,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.1.13
Severity Score:: Medium
CVE:: 2024-7132

Plugin:: Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder
Plugin Slug:: fluentform
Installations: 400,000+
Vulnerability:: Broken Access Control
Patched in Version:: 5.1.19
Severity Score:: Medium
CVE:: 2024-5053

Plugin:: Royal Elementor Addons and Templates
Plugin Slug:: royal-elementor-addons
Installations: 400,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.3.985
Severity Score:: Medium
CVE:: 2024-44001

Plugin:: HubSpot � CRM, Email Marketing, Live Chat, Forms & Analytics
Plugin Slug:: leadin
Installations: 300,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 11.1.34
Severity Score:: Medium
CVE:: 2024-5879

Plugin:: Jeg Elementor Kit
Plugin Slug:: jeg-elementor-kit
Installations: 200,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.6.8
Severity Score:: Medium
CVE:: 2024-6804

Plugin:: Responsive Lightbox & Gallery
Plugin Slug:: responsive-lightbox
Installations: 200,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.4.8
Severity Score:: Medium
CVE:: 2024-43924

Plugin:: Beaver Builder � WordPress Page Builder
Plugin Slug:: beaver-builder-lite-version
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.8.3.6
Severity Score:: Medium
CVE:: 2024-7895

Plugin:: Beaver Builder � WordPress Page Builder
Plugin Slug:: beaver-builder-lite-version
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.8.3.4
Severity Score:: High
CVE:: 2024-43926

Plugin:: Email Address Encoder
Plugin Slug:: email-address-encoder
Installations: 100,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.0.24
Severity Score:: Medium
CVE:: 2024-43927

Plugin:: EmbedPress � Embed PDF, 3D Flipbook, Social Feeds, Google Docs, Vimeo, Wistia, YouTube Videos, Audios, Google Maps in Gutenberg Block & Elementor
Plugin Slug:: embedpress
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.0.9
Severity Score:: Medium
CVE:: 2024-43936

Plugin:: Gallery Plugin for WordPress � Envira Photo Gallery
Plugin Slug:: envira-gallery-lite
Installations: 100,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.8.15
Severity Score:: Medium
CVE:: 2024-43925

Plugin:: GiveWP � Donation Plugin and Fundraising Platform
Plugin Slug:: give
Installations: 100,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 3.16.0
Severity Score:: Medium
CVE:: 2024-6551

Plugin:: Mollie Payments for WooCommerce
Plugin Slug:: mollie-payments-for-woocommerce
Installations: 100,000+
Vulnerability:: Full Path Disclosure (FPD)
Patched in Version:: 7.8.0
Severity Score:: Medium
CVE:: 2024-6448

Plugin:: NitroPack � Caching & Speed Optimization for Core Web Vitals, Defer CSS & JS, Lazy load Images and CDN
Plugin Slug:: nitropack
Installations: 100,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.16.8
Severity Score:: Medium
CVE:: 2024-43922

Plugin:: Page Builder: Pagelayer � Drag and Drop website builder
Plugin Slug:: pagelayer
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.8.8
Severity Score:: Medium
CVE:: 2024-43972

Plugin:: The Plus Addons for Elementor � Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce
Plugin Slug:: the-plus-addons-for-elementor-page-builder
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.6.3
Severity Score:: Medium
CVE:: 2024-43977

Plugin:: The Plus Addons for Elementor � Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce
Plugin Slug:: the-plus-addons-for-elementor-page-builder
Installations: 100,000+
Vulnerability:: Broken Access Control
Patched in Version:: 5.6.3
Severity Score:: Medium
CVE:: 2024-43932

Plugin:: The Post Grid � Shortcode, Gutenberg Blocks and Elementor Addon for Post Grid
Plugin Slug:: the-post-grid
Installations: 100,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 7.7.12
Severity Score:: Medium
CVE:: 2024-7418

Plugin:: Ninja Tables � Easiest Data Table Builder
Plugin Slug:: ninja-tables
Installations: 90,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.0.13
Severity Score:: Medium
CVE:: 2024-7304

Plugin:: Permalink Manager Lite
Plugin Slug:: permalink-manager
Installations: 90,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.4.4.1
Severity Score:: Medium
CVE:: 2024-8195

Plugin:: Reviews Feed � Add Testimonials and Customer Reviews From Google Reviews, Yelp, TripAdvisor, and More
Plugin Slug:: reviews-feed
Installations: 70,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.2.0
Severity Score:: Medium
CVE:: 2024-8199

Plugin:: Reviews Feed � Add Testimonials and Customer Reviews From Google Reviews, Yelp, TripAdvisor, and More
Plugin Slug:: reviews-feed
Installations: 70,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.2.0
Severity Score:: Medium
CVE:: 2024-8200

Plugin:: Theme Editor
Plugin Slug:: theme-editor
Installations: 60,000+
Vulnerability:: PHP Object Injection
Patched in Version:: 2.9
Severity Score:: Medium
CVE:: 2022-2440

Plugin:: WP Booking Calendar
Plugin Slug:: booking
Installations: 50,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 10.5.1
Severity Score:: High
CVE:: 2024-8274

Plugin:: Shield Security � Smart Bot Blocking & Intrusion Prevention Security
Plugin Slug:: wp-simple-firewall
Installations: 50,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 20.0.6
Severity Score:: High
CVE:: 2024-7313

Plugin:: Visual CSS Style Editor
Plugin Slug:: yellow-pencil-visual-theme-customizer
Installations: 50,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 7.6.4
Severity Score:: High
CVE:: 2024-43963

Plugin:: Gutentor � Gutenberg Blocks � Page Builder for Gutenberg Editor
Plugin Slug:: gutentor
Installations: 40,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.3.6
Severity Score:: Medium
CVE:: 2024-5417

Plugin:: Quiz and Survey Master (QSM) � Easy Quiz and Survey Maker
Plugin Slug:: quiz-master-next
Installations: 40,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 9.1.1
Severity Score:: Medium
CVE:: 2024-6879

Plugin:: Gutenverse � Gutenberg Blocks and Page Builder for Site Editor
Plugin Slug:: gutenverse
Installations: 30,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.0.0
Severity Score:: Medium
CVE:: 2024-43920

Plugin:: Form builder to get in touch with visitors, grow your email list and collect payments � Happyforms
Plugin Slug:: happyforms
Installations: 30,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.26.1
Severity Score:: Medium
CVE:: 2024-44063

Plugin:: SureCart � Ecommerce Made Easy For Selling Physical Products, Digital Downloads, Subscriptions, Donations, & Payments
Plugin Slug:: surecart
Installations: 30,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.29.4
Severity Score:: High
CVE:: 2024-43970

Plugin:: WP Events Manager
Plugin Slug:: wp-events-manager
Installations: 30,000+
Vulnerability:: SQL Injection
Patched in Version:: 2.2.0
Severity Score:: High
CVE:: 2024-7717

Plugin:: MP3 Audio Player � Music Player, Podcast Player & Radio by Sonaar
Plugin Slug:: mp3-music-player-by-sonaar
Installations: 20,000+
Vulnerability:: Arbitrary File Deletion
Patched in Version:: 5.7.1
Severity Score:: High
CVE:: 2024-7856

Plugin:: WPZOOM Portfolio Lite � Filterable Portfolio Plugin
Plugin Slug:: wpzoom-portfolio
Installations: 20,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.4.5
Severity Score:: Medium
CVE:: 2024-8276

Plugin:: 140+ Widgets | Xpro Addons For Elementor � FREE
Plugin Slug:: xpro-elementor-addons
Installations: 20,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.4.4.4
Severity Score:: Medium
CVE:: 2024-7791

Plugin:: GeoDirectory � WP Business Directory Plugin and Classified Listings Directory
Plugin Slug:: geodirectory
Installations: 10,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.3.71
Severity Score:: Medium
CVE:: 2024-43981

Plugin:: Generate Images � Magic Post Thumbnail
Plugin Slug:: magic-post-thumbnail
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.2.10
Severity Score:: High
CVE:: 2024-43921

Plugin:: Media Library Folders
Plugin Slug:: media-library-plus
Installations: 10,000+
Vulnerability:: Broken Access Control
Patched in Version:: 8.2.4
Severity Score:: Medium
CVE:: 2024-7858

Plugin:: Media Library Folders
Plugin Slug:: media-library-plus
Installations: 10,000+
Vulnerability:: SQL Injection
Patched in Version:: 8.2.3
Severity Score:: High
CVE:: 2024-7857

Plugin:: WP Accessibility Helper (WAH)
Plugin Slug:: wp-accessibility-helper
Installations: 10,000+
Vulnerability:: Broken Access Control
Patched in Version:: 0.6.2.9
Severity Score:: Medium
CVE:: 2024-5987

Plugin:: Clean Login
Plugin Slug:: clean-login
Installations: 8,000+
Vulnerability:: Local File Inclusion
Patched in Version:: 1.14.6
Severity Score:: High
CVE:: 2024-8252

Plugin:: WP Delicious � Recipe Plugin for Food Bloggers (formerly Delicious Recipes)
Plugin Slug:: delicious-recipes
Installations: 5,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.6.8
Severity Score:: Medium
CVE:: 2024-43935

Plugin:: easy.jobs- Best Recruitment Plugin for Job Board Listing, Manager, Career Page for Elementor & Gutenberg
Plugin Slug:: easyjobs
Installations: 5,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 2.4.15
Severity Score:: High
CVE:: 2024-43997

Plugin:: Payment forms, Buy now buttons and Invoicing System | GetPaid
Plugin Slug:: invoicing
Installations: 5,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.8.12
Severity Score:: Medium
CVE:: 2024-43973

Plugin:: Logo Showcase Ultimate � Logo Carousel, Logo Slider & Logo Grid
Plugin Slug:: logo-showcase-ultimate
Installations: 5,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.4.2
Severity Score:: Medium
CVE:: 2024-8046

Plugin:: Podlove Podcast Publisher
Plugin Slug:: podlove-podcasting-plugin-for-wordpress
Installations: 5,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 4.1.14
Severity Score:: Critical
CVE:: 2024-43984

Plugin:: Podlove Podcast Publisher
Plugin Slug:: podlove-podcasting-plugin-for-wordpress
Installations: 5,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.1.14
Severity Score:: Medium
CVE:: 2024-43983

Plugin:: WPMobile.App � Android and iOS Mobile Application
Plugin Slug:: wpappninja
Installations: 5,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 11.49
Severity Score:: Medium
CVE:: 2024-43933

Plugin:: Relevanssi Live Ajax Search
Plugin Slug:: relevanssi-live-ajax-search
Installations: 4,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.5
Severity Score:: Medium
CVE:: 2024-7573

Plugin:: WP Crowdfunding
Plugin Slug:: wp-crowdfunding
Installations: 4,000+
Vulnerability:: Settings Change
Patched in Version:: 2.1.11
Severity Score:: Medium
CVE:: 2024-43937

Plugin:: Collapsing Archives
Plugin Slug:: collapsing-archives
Installations: 3,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.0.6
Severity Score:: Medium
CVE:: 2024-43934

Plugin:: HelloAsso
Plugin Slug:: helloasso
Installations: 3,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.1.11
Severity Score:: Medium
CVE:: 2024-44052

Plugin:: Name Directory
Plugin Slug:: name-directory
Installations: 3,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.29.1
Severity Score:: High
CVE:: 2024-43938

Plugin:: Spiffy Calendar
Plugin Slug:: spiffy-calendar
Installations: 3,000+
Vulnerability:: SQL Injection
Patched in Version:: 4.9.13
Severity Score:: High
CVE:: 2024-43969

Plugin:: Interactive Contact Form and Multi Step Form Builder with Drag & Drop Editor � Funnelforms Free
Plugin Slug:: funnelforms-free
Installations: 2,000+
Vulnerability:: Broken Access Control
Patched in Version:: 3.7.4.1
Severity Score:: Medium
CVE:: 2024-7447

Plugin:: Interactive Contact Form and Multi Step Form Builder with Drag & Drop Editor � Funnelforms Free
Plugin Slug:: funnelforms-free
Installations: 2,000+
Vulnerability:: Arbitrary File Deletion
Patched in Version:: 3.7.4.1
Severity Score:: Medium
CVE:: 2024-6312

Plugin:: Interactive Contact Form and Multi Step Form Builder with Drag & Drop Editor � Funnelforms Free
Plugin Slug:: funnelforms-free
Installations: 2,000+
Vulnerability:: Arbitrary File Upload
Patched in Version:: 3.7.4.1
Severity Score:: Medium
CVE:: 2024-6311

Plugin:: Share This Image
Plugin Slug:: share-this-image
Installations: 2,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.02
Severity Score:: Medium
CVE:: 2024-8108

Plugin:: WP Timetics- AI-powered Appointment Booking Calendar and Online Scheduling Plugin
Plugin Slug:: timetics
Installations: 2,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 1.0.24
Severity Score:: Medium
CVE:: 2024-43923

Plugin:: Bus Ticket Booking with Seat Reservation � WpBusTicketly | WordPress plugin
Plugin Slug:: bus-ticket-booking-with-seat-reservation
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.3.6
Severity Score:: Medium
CVE:: 2024-43985

Plugin:: Sunshine Photo Cart: Free Client Photo Galleries for Photographers
Plugin Slug:: sunshine-photo-cart
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.2.6
Severity Score:: High
CVE:: 2024-43971

Plugin:: Tourfic � Ultimate Hotel Booking, Travel Booking & Apartment Booking WordPress Plugin | WooCommerce Booking
Plugin Slug:: tourfic
Installations: 1,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 2.11.21
Severity Score:: Medium
CVE:: 2024-8319

Plugin:: Front End Users
Plugin Slug:: front-end-only-users
Installations: 700+
Vulnerability:: SQL Injection
Patched in Version:: 3.2.29
Severity Score:: High
CVE:: 2024-7607

Plugin:: Front End Users
Plugin Slug:: front-end-only-users
Installations: 700+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.2.29
Severity Score:: Medium
CVE:: 2024-7606

Plugin:: Taxi Booking Manager for WooCommerce � WordPress plugin | Ecab
Plugin Slug:: ecab-taxi-booking-manager
Installations: 600+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.1.0
Severity Score:: Medium
CVE:: 2024-43986

Plugin:: Web Directory Free
Plugin Slug:: web-directory-free
Installations: 600+
Vulnerability:: Local File Inclusion
Patched in Version:: 1.7.3
Severity Score:: Critical
CVE:: 2024-3673

Plugin:: Favicon Generator (CLOSED)
Plugin Slug:: favicon-generator
Installations: 300+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 2.1
Severity Score:: Critical
CVE:: 2024-7863

Plugin:: Login As Users
Plugin Slug:: login-as-users
Installations: 300+
Vulnerability:: Broken Access Control
Patched in Version:: 1.4.4
Severity Score:: High
CVE:: 2024-43982

Plugin:: Web Application Firewall � website security
Plugin Slug:: web-application-firewall
Installations: 300+
Vulnerability:: Bypass Vulnerability
Patched in Version:: 2.1.3
Severity Score:: Medium
CVE:: 2022-4539

Plugin:: Two-factor authentication (formerly IP Vault)
Plugin Slug:: ip-vault-wp-firewall
Installations: 20+
Vulnerability:: Bypass Vulnerability
Patched in Version:: 2.1
Severity Score:: Medium
CVE:: 2022-4536

Plugin:: ElementsKit Pro
Plugin Slug:: elementskit
Vulnerability:: Local File Inclusion
Patched in Version:: 3.6.8
Severity Score:: Medium
CVE:: 2024-43996

Plugin:: The Events Calendar PRO
Plugin Slug:: events-calendar-pro
Vulnerability:: Remote Code Execution (RCE)
Patched in Version:: 7.0.2.1
Severity Score:: Medium
CVE:: 2024-8016

Plugin:: Funnel Kit Funnel Builder PRO
Plugin Slug:: funnel-builder-pro
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.5.0
Severity Score:: Medium
CVE:: 2024-1056

Plugin:: Greenshift Query and Meta Addon
Plugin Slug:: greenshiftquery
Vulnerability:: SQL Injection
Patched in Version:: 3.9.2
Severity Score:: High
CVE:: 2024-43942

Plugin:: Greenshift Woocommerce Addon
Plugin Slug:: greenshiftwoo
Vulnerability:: SQL Injection
Patched in Version:: 1.9.8
Severity Score:: High
CVE:: 2024-43943

Plugin:: Memberpress
Plugin Slug:: memberpress
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.11.30
Severity Score:: High
CVE:: 2024-5024

Plugin:: Newspack
Plugin Slug:: newspack-plugin
Vulnerability:: Broken Access Control
Patched in Version:: 3.8.7
Severity Score:: Medium
CVE:: 2024-43968

Plugin:: Oxygen Builder
Plugin Slug:: oxygenbuilder
Vulnerability:: Broken Access Control
Patched in Version:: 4.9
Severity Score:: Medium
CVE:: 2024-6688

Plugin:: Super Store Finder
Plugin Slug:: superstorefinder-wp
Vulnerability:: SQL Injection
Patched in Version:: 6.9.8
Severity Score:: Critical
CVE:: 2024-43978

Plugin:: Super Store Finder
Plugin Slug:: superstorefinder-wp
Vulnerability:: SQL Injection
Patched in Version:: 6.9.8
Severity Score:: Critical
CVE:: 2024-43976

Plugin:: Super Store Finder
Plugin Slug:: superstorefinder-wp
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 6.9.8
Severity Score:: High
CVE:: 2024-43975

Plugin:: tagDiv Composer
Plugin Slug:: td-composer
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.1
Severity Score:: High
CVE:: 2024-3886

Plugin:: Tutor LMS Pro
Plugin Slug:: tutor-pro
Vulnerability:: Broken Access Control
Patched in Version:: 2.7.3
Severity Score:: High
CVE:: 2024-5784

Plugin:: WP Armour Extended
Plugin Slug:: wp-armour-extended
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.32
Severity Score:: High
CVE:: 2024-43948

Plugin:: WP Armour Extended
Plugin Slug:: wp-armour-extended
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.32
Severity Score:: Medium
CVE:: 2024-43947

Plugin:: WP Cerber Security
Plugin Slug:: wp-cerber
Vulnerability:: Bypass Vulnerability
Patched in Version:: 9.5
Severity Score:: Medium
CVE:: 2022-4100

Plugin:: JobSearch
Plugin Slug:: wp-jobsearch
Vulnerability:: PHP Object Injection
Patched in Version:: 2.5.4
Severity Score:: Critical
CVE:: 2024-43931

Plugin:: JobSearch
Plugin Slug:: wp-jobsearch
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 2.5.4
Severity Score:: Medium
CVE:: 2024-43930

Plugin:: JobSearch
Plugin Slug:: wp-jobsearch
Vulnerability:: Broken Access Control
Patched in Version:: 2.5.6
Severity Score:: Medium
CVE:: 2024-43929

Plugin:: JobSearch
Plugin Slug:: wp-jobsearch
Vulnerability:: Broken Access Control
Patched in Version:: 2.5.6
Severity Score:: Medium
CVE:: 2024-43928

WordPress Themes � 6 Patched / 18 Unpatched

Theme:: Esotera
Theme Slug:: esotera
Downloads: 59,473
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-43952

Theme:: Fluida
Theme Slug:: fluida
Downloads: 486,615
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-44054

Theme:: Hotel Galaxy
Theme Slug:: hotel-galaxy
Downloads: 247,851
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-43991

Theme:: IntoTheDark
Theme Slug:: intothedark
Downloads: 2,035
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-43958

Theme:: Kahuna
Theme Slug:: kahuna
Downloads: 170,236
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-43994

Theme:: Liquido
Theme Slug:: liquido
Downloads: 32,519
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-43993

Theme:: Mantra
Theme Slug:: mantra
Downloads: 1,152,946
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-44056

Theme:: Mystique
Theme Slug:: mystique
Downloads: 705,708
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-43988

Theme:: Nirvana
Theme Slug:: nirvana
Downloads: 752,479
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-44057

Theme:: Parabola
Theme Slug:: parabola
Downloads: 635,288
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-44058

Theme:: Posterity
Theme Slug:: posterity
Downloads: 96,548
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-43995

Theme:: Sliding Door
Theme Slug:: sliding-door
Downloads: 537,528
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-43987

Theme:: Tempera
Theme Slug:: tempera
Downloads: 703,523
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-43951

Theme:: Betheme
Theme Slug:: betheme
Vulnerability:: PHP Object Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-2694

Theme:: Betheme
Theme Slug:: betheme
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-3998

Theme:: Enfold
Theme Slug:: enfold
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-5061

Theme:: Filmix
Theme Slug:: filmix
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-44060

Theme:: Opor Ayam
Theme Slug:: opor-ayam
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-44053

Theme:: Attire
Theme Slug:: attire
Downloads: 72,378
Vulnerability:: PHP Object Injection
Patched in Version:: 2.0.7
Severity Score:: High
CVE:: 2024-7435

Theme:: Blockbooster
Theme Slug:: blockbooster
Downloads: 8,463
Vulnerability:: Broken Access Control
Patched in Version:: 1.0.11
Severity Score:: Medium
CVE:: 2024-43979

Theme:: Blogpoet
Theme Slug:: blogpoet
Downloads: 4,865
Vulnerability:: Broken Access Control
Patched in Version:: 1.0.4
Severity Score:: Medium
CVE:: 2024-43998

Theme:: FotaWP
Theme Slug:: fotawp
Downloads: 146,783
Vulnerability:: Broken Access Control
Patched in Version:: 1.4.2
Severity Score:: Medium
CVE:: 2024-43980

Theme:: ReviveNews
Theme Slug:: revivenews
Downloads: 7,963
Vulnerability:: Broken Access Control
Patched in Version:: 1.0.3
Severity Score:: Medium
CVE:: 2024-43974

Theme:: Masterstudy LMS Starter
Theme Slug:: ms-lms-starter-theme
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 1.1.9
Severity Score:: Medium
CVE:: 2024-43990