WordPress Vulnerability Report

In this report, 251 vulnerabilities have been publicly disclosed. Security patches for 141 of these plugins and themes are available now, so run those updates as soon as possible. If you’re a Solid Security Pro user, the version management tool may have already warned you and updated these plugins, depending on your settings.

Additionally, there are 110 plugin and theme vulnerabilities with no patch available yet. If you’re a Solid Security Pro user, those vulnerabilities are already protected by the Solid Security firewall. Virtual patches from Patchstack will be applied when a vulnerability is considered high or medium risk. If no patch is forthcoming from the vendor or the vulnerable software has been marked “closed” and dropped from the official WordPress repositories, you should deactivate it soon and look for alternative solutions.

Along with poor user account security, vulnerable plugins and themes are among the top reasons why WordPress websites get hacked. Unfortunately, cyberattacks are increasing in volume and sophistication. They’re also increasingly aimed at small to mid-sized businesses.

3. WordPress Themes — 5 Patched / 1 Unpatched

Our WordPress Vulnerability Report covers the latest emerging WordPress plugin, theme, and core vulnerabilities. Each vulnerability will have a severity rating of Low, Medium, High, or Critical. Responsible disclosure of vulnerabilities is essential to keeping the WordPress community safe. Please share this report to help spread the word and make WordPress — and the web — more secure.

WordPress Core

WordPress 6.7 Beta 3 is available and ready for testing! This beta version of the WordPress software is under development. Please do not install, run, or test this version of WordPress on production or mission-critical websites. Instead, it is recommended you evaluate Beta 3 on a test server and site.

WordPress Plugins — 136 Patched / 109 Unpatched

Plugin:: Countdown, Coming Soon, Maintenance – Countdown & Clock
Plugin Slug:: countdown-builder
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-50516

Plugin:: DarkMySite – Advanced Dark Mode Plugin for WordPress
Plugin Slug:: darkmysite
Installations: 1,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-50466

Plugin:: ACL Floating Cart for WooCommerce
Plugin Slug:: acl-floating-cart-for-woocommerce
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-49640

Plugin:: Acnoo Flutter API
Plugin Slug:: acnoo-flutter-api
Vulnerability:: Privilege Escalation
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2024-50486

Plugin:: Advanced Online Ordering and Delivery Platform
Plugin Slug:: advanced-online-ordering-and-delivery-platform
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-50497

Plugin:: Agile Video Player Lite
Plugin Slug:: agile-video-player
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-49636

Plugin:: AI Image Generator for Your Content & Featured Images – AI Postpix
Plugin Slug:: ai-postpix
Vulnerability:: Arbitrary File Upload
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2024-49671

Plugin:: Ajar in5 Embed
Plugin Slug:: ajar-productions-in5-embed
Vulnerability:: Arbitrary File Upload
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2024-50473

Plugin:: Amilia Store
Plugin Slug:: amilia-store
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-50472

Plugin:: AR For Woocommerce
Plugin Slug:: ar-for-woocommerce
Vulnerability:: Arbitrary File Upload
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2024-50510

Plugin:: AR For WordPress
Plugin Slug:: ar-for-wordpress
Vulnerability:: Arbitrary File Upload
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2024-50496

Plugin:: Automatic Translation
Plugin Slug:: automatic-translation
Vulnerability:: Arbitrary File Upload
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2024-50493

Plugin:: Bamazoo Button Generator
Plugin Slug:: bamazoo-button-generator
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-10150

Plugin:: Banner Slider
Plugin Slug:: banner-slider
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-49635

Plugin:: Beek Widget Extention
Plugin Slug:: beek-widget-extention
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-10343

Plugin:: Bet WC 2018 Russia
Plugin Slug:: bet-wc-2018-russia
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-49637

Plugin:: BuddyPress Greeting Message
Plugin Slug:: bp-greeting-message
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-49650

Plugin:: BP Member Type Manager
Plugin Slug:: bp-member-type-manager
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-49634

Plugin:: Bstone Demo Importer
Plugin Slug:: bstone-demo-importer
Vulnerability:: Privilege Escalation
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-50481

Plugin:: Bulk Change Role
Plugin Slug:: bulk-role-change
Vulnerability:: Privilege Escalation
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-50504

Plugin:: Clever Addons for Elementor
Plugin Slug:: cafe-lite
Vulnerability:: Sensitive Data Exposure
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-10357

Plugin:: Campus Explorer Widget
Plugin Slug:: campus-explorer-widget
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-49660

Plugin:: chatplusjp
Plugin Slug:: chatplusjp
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-49664

Plugin:: Code Generate
Plugin Slug:: code-generator
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-49646

Plugin:: Coub
Plugin Slug:: coub
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-49659

Plugin:: CWD 3D Image Gallery
Plugin Slug:: cwd-3d-image-gallery
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-49632

Plugin:: DocumentPress
Plugin Slug:: documentpress-display-any-document-on-your-site
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-49656

Plugin:: DS.DownloadList
Plugin Slug:: dsdownloadlist
Vulnerability:: PHP Object Injection
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2024-50507

Plugin:: Editor Custom Color Palette
Plugin Slug:: editor-custom-color-palette
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-9642

Plugin:: EKC Tournament Manager
Plugin Slug:: ekc-tournament-manager
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2024-49674

Plugin:: Exam Matrix
Plugin Slug:: exam-matrix
Vulnerability:: Privilege Escalation
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2024-50485

Plugin:: Extra Privacy for Elementor
Plugin Slug:: extra-privacy-for-elementor
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-49654

Plugin:: Whitelist
Plugin Slug:: fifthsegment-whitelist
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-49643

Plugin:: Google Docs RSVP
Plugin Slug:: google-docs-rsvp-guestlist
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-49672

Plugin:: TeploBot – Telegram Bot for WP
Plugin Slug:: green-wp-telegram-bot-by-teplitsa
Vulnerability:: Sensitive Data Exposure
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-9627

Plugin:: iBryl Switch User
Plugin Slug:: ibryl-switch-user
Vulnerability:: Broken Authentication
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-49675

Plugin:: ID-SK Toolkit
Plugin Slug:: idsk-toolkit
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-9853

Plugin:: INK Official
Plugin Slug:: ink-official
Vulnerability:: Arbitrary File Upload
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2024-49669

Plugin:: Kodex Posts likes
Plugin Slug:: kodex-posts-likes
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-50464

Plugin:: League of Legends Shortcodes
Plugin Slug:: league-of-legends-shortcodes
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-10341

Plugin:: League of Legends Shortcodes
Plugin Slug:: league-of-legends-shortcodes
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-10342

Plugin:: leenk.me
Plugin Slug:: leenkme
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-49661

Plugin:: MaanStore API
Plugin Slug:: maanstore-api
Vulnerability:: Broken Authentication
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2024-50487

Plugin:: Forms for Mailchimp by Optin Cat
Plugin Slug:: mailchimp-wp
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-8870

Plugin:: Local Business Addons For Elementor
Plugin Slug:: map-addons-for-elementor-waze-map
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-49667

Plugin:: Marketing Automation by AZEXO
Plugin Slug:: marketing-automation-by-azexo
Vulnerability:: Privilege Escalation
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-50506

Plugin:: Marketing Automation by AZEXO
Plugin Slug:: marketing-automation-by-azexo
Vulnerability:: Arbitrary File Upload
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2024-50480

Plugin:: Meetup
Plugin Slug:: meetup
Vulnerability:: Broken Authentication
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2024-50483

Plugin:: Monitor.chat
Plugin Slug:: monitor-chat
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-49639

Plugin:: Monkee-Boy Essentials
Plugin Slug:: monkee-boy-wp-essentials
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-9116

Plugin:: Multi Purpose Mail Form
Plugin Slug:: multi-purpose-mail-form
Vulnerability:: Arbitrary File Upload
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2024-50484

Plugin:: Order Notification for Telegram
Plugin Slug:: order-notification-for-telegram
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-9686

Plugin:: PegaPoll
Plugin Slug:: pegapoll
Vulnerability:: Privilege Escalation
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2024-50490

Plugin:: Portfolleo
Plugin Slug:: portfolleo
Vulnerability:: Arbitrary File Upload
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2024-49653

Plugin:: PriPre
Plugin Slug:: pripre
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-9454

Plugin:: Realty Workstation
Plugin Slug:: realty-workstation
Vulnerability:: Broken Authentication
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2024-50489

Plugin:: 3D Work In Progress
Plugin Slug:: renee-work-in-progress
Vulnerability:: Arbitrary File Deletion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-49657

Plugin:: 3D Work In Progress
Plugin Slug:: renee-work-in-progress
Vulnerability:: Arbitrary File Upload
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2024-49652

Plugin:: Risk Warning Bar
Plugin Slug:: risk-warning-bar
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-49638

Plugin:: RSVP ME
Plugin Slug:: rsvp-me
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2024-50491

Plugin:: Extensions by HocWP Team
Plugin Slug:: sb-core
Vulnerability:: Broken Authentication
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2024-9930

Plugin:: ScottCart
Plugin Slug:: scottcart
Vulnerability:: Remote Code Execution (RCE)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-50492

Plugin:: Scrollbar by webxapp – Best vertical/horizontal scrollbars plugin
Plugin Slug:: scrollbar-by-webxapp
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-50467

Plugin:: Shoutcast Icecast HTML5 Radio Player
Plugin Slug:: shoutcast-icecast-html5-radio-player
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-8666

Plugin:: Signup Page
Plugin Slug:: signup-page
Vulnerability:: Privilege Escalation
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2024-50475

Plugin:: Simple Custom Admin
Plugin Slug:: simple-custom-admin
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-49647

Plugin:: Simple Load More
Plugin Slug:: simple-load-more
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-49662

Plugin:: Simple News
Plugin Slug:: simple-news
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-10112

Plugin:: Affiliate Platform
Plugin Slug:: smdp-affiliate-platform
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-49645

Plugin:: GRÜN spendino Spendenformular
Plugin Slug:: spendino
Vulnerability:: Privilege Escalation
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2024-50476

Plugin:: Stacks Mobile App Builder
Plugin Slug:: stacks-mobile-app-builder
Vulnerability:: Broken Authentication
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2024-50477

Plugin:: SVG Captcha
Plugin Slug:: svg-captcha
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-49648

Plugin:: 1-Click Login: Passwordless Authentication
Plugin Slug:: swoop-password-free-authentication
Vulnerability:: Broken Authentication
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2024-50478

Plugin:: Textboxes
Plugin Slug:: textboxes
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-50469

Plugin:: Themes4WP YouTube External Subtitles
Plugin Slug:: themes4wp-youtube-external-subtitles
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-50470

Plugin:: Tida URL Screenshot
Plugin Slug:: tida-url-screenshot
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-49641

Plugin:: Todo Custom Field
Plugin Slug:: todo-custom-field
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-49642

Plugin:: Token Login
Plugin Slug:: token-login
Vulnerability:: Broken Authentication
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-50488

Plugin:: Trip Plan
Plugin Slug:: tripplan
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-50471

Plugin:: uCAT – Next Story
Plugin Slug:: ucat-next-story
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-49663

Plugin:: Uix Shortcodes
Plugin Slug:: uix-shortcodes
Vulnerability:: Arbitrary Code Execution
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-9772

Plugin:: Verbalize WP
Plugin Slug:: verbalize-wp
Vulnerability:: Arbitrary File Upload
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2024-49668

Plugin:: WatchTowerHQ
Plugin Slug:: watchtowerhq
Vulnerability:: Broken Authentication
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2024-9933

Plugin:: Sudan Payment Gateway for WooCommerce
Plugin Slug:: wc-sudan-payment-gateway
Vulnerability:: Arbitrary File Upload
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2024-50494

Plugin:: 10Web Social Post Feed
Plugin Slug:: wd-facebook-feed
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-9607

Plugin:: Web Bricks Addons for Elementor
Plugin Slug:: webbricks-addons
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-49665

Plugin:: Woocommerce Custom Profile Picture
Plugin Slug:: woo-custom-profile-picture
Vulnerability:: Arbitrary File Upload
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2024-49658

Plugin:: Woocommerce Product Design
Plugin Slug:: woo-product-design
Vulnerability:: Arbitrary File Deletion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-50509

Plugin:: Woocommerce Product Design
Plugin Slug:: woo-product-design
Vulnerability:: Arbitrary File Download
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-50508

Plugin:: Woocommerce Product Design
Plugin Slug:: woo-product-design
Vulnerability:: Arbitrary File Upload
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2024-50482

Plugin:: Woocommerce Quote Calculator
Plugin Slug:: woo-quote-calculator-order
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2024-50479

Plugin:: WooCommerce Maintenance Mode
Plugin Slug:: woocommerce-maintenance-mode
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-49651

Plugin:: Awesome Buttons
Plugin Slug:: wp-awesome-buttons
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-10148

Plugin:: WP Awesome Login
Plugin Slug:: wp-awesome-login
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-9456

Plugin:: Category and Taxonomy Image
Plugin Slug:: wp-custom-taxonomy-image
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-9591

Plugin:: Category and Taxonomy Meta Fields
Plugin Slug:: wp-custom-taxonomy-meta
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-9588

Plugin:: Category and Taxonomy Meta Fields
Plugin Slug:: wp-custom-taxonomy-meta
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-9590

Plugin:: Category and Taxonomy Meta Fields
Plugin Slug:: wp-custom-taxonomy-meta
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-9589

Plugin:: WP donimedia carousel
Plugin Slug:: wp-donimedia-carousel
Vulnerability:: Arbitrary File Upload
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2024-50511

Plugin:: Plugin Propagator
Plugin Slug:: wp-propagator
Vulnerability:: Arbitrary File Upload
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2024-50495

Plugin:: WP Query Console
Plugin Slug:: wp-query-console
Vulnerability:: Remote Code Execution (RCE)
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2024-50498

Plugin:: Raptor Editor
Plugin Slug:: wp-raptor
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-50468

Plugin:: WP show more
Plugin Slug:: wp-show-more
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-9967

Plugin:: WPS Telegram Chat
Plugin Slug:: wps-telegram-chat
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-9628

Plugin:: WPS Telegram Chat
Plugin Slug:: wps-telegram-chat
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-9630

Plugin:: WPSchoolPress
Plugin Slug:: wpschoolpress
Vulnerability:: Insecure Direct Object References (IDOR)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-9637

Plugin:: Wux Blog Editor
Plugin Slug:: wux-blog-editor
Vulnerability:: Broken Authentication
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2024-9931

Plugin:: Wux Blog Editor
Plugin Slug:: wux-blog-editor
Vulnerability:: Arbitrary File Upload
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2024-9932

Plugin:: Editorial Assistant by Sovrn
Plugin Slug:: zemanta
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-9626

Plugin:: All-in-One WP Migration and Backup
Plugin Slug:: all-in-one-wp-migration
Installations: 5,000,000+
Vulnerability:: PHP Object Injection
Patched in Version:: 7.87
Severity Score:: High
CVE:: 2024-9162

Plugin:: All-in-One WP Migration and Backup
Plugin Slug:: all-in-one-wp-migration
Installations: 5,000,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 7.87
Severity Score:: Medium
CVE:: 2024-8852

Plugin:: Elementor Header & Footer Builder
Plugin Slug:: header-footer-elementor
Installations: 2,000,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 1.6.44
Severity Score:: Medium
CVE:: 2024-10050

Plugin:: ElementsKit Elementor addons
Plugin Slug:: elementskit-lite
Installations: 1,000,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.3.0
Severity Score:: Medium
CVE:: 2024-10091

Plugin:: Ninja Forms – The Contact Form Builder That Grows With You
Plugin Slug:: ninja-forms
Installations: 700,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.8.18
Severity Score:: Medium
CVE:: 2024-50515

Plugin:: Ninja Forms – The Contact Form Builder That Grows With You
Plugin Slug:: ninja-forms
Installations: 700,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.8.18
Severity Score:: Medium
CVE:: 2024-50514

Plugin:: Forminator Forms – Contact Form, Payment Form & Custom Form Builder
Plugin Slug:: forminator
Installations: 500,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.36.0
Severity Score:: High
CVE:: 2024-10402

Plugin:: WP Shortcodes Plugin — Shortcodes Ultimate
Plugin Slug:: shortcodes-ultimate
Installations: 500,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 7.3.0
Severity Score:: Medium
CVE:: 2024-8500

Plugin:: Royal Elementor Addons and Templates
Plugin Slug:: royal-elementor-addons
Installations: 400,000+
Vulnerability:: XML External Entity (XXE)
Patched in Version:: 1.3.981
Severity Score:: Medium
CVE:: 2024-50442

Plugin:: Breeze – WordPress Cache Plugin
Plugin Slug:: breeze
Installations: 300,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.1.15
Severity Score:: Medium
CVE:: 2024-50431

Plugin:: Breeze – WordPress Cache Plugin
Plugin Slug:: breeze
Installations: 300,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.1.15
Severity Score:: Medium
CVE:: 2024-50422

Plugin:: Templately – Elementor & Gutenberg Template Library: 5000+ Free & Pro Ready Templates & Cloud!
Plugin Slug:: templately
Installations: 300,000+
Vulnerability:: Broken Access Control
Patched in Version:: 3.1.6
Severity Score:: Medium
CVE:: 2024-50424

Plugin:: Templately – Elementor & Gutenberg Template Library: 5000+ Free & Pro Ready Templates & Cloud!
Plugin Slug:: templately
Installations: 300,000+
Vulnerability:: Broken Access Control
Patched in Version:: 3.1.6
Severity Score:: Medium
CVE:: 2024-50423

Plugin:: PDF Invoices & Packing Slips for WooCommerce
Plugin Slug:: woocommerce-pdf-invoices-packing-slips
Installations: 300,000+
Vulnerability:: Broken Access Control
Patched in Version:: 3.8.7
Severity Score:: Medium
CVE:: 2024-50421

Plugin:: SEOPress – On-site SEO
Plugin Slug:: wp-seopress
Installations: 300,000+
Vulnerability:: Broken Access Control
Patched in Version:: 8.2
Severity Score:: Medium
CVE:: 2024-50456

Plugin:: SEOPress – On-site SEO
Plugin Slug:: wp-seopress
Installations: 300,000+
Vulnerability:: Broken Access Control
Patched in Version:: 8.2
Severity Score:: Medium
CVE:: 2024-50455

Plugin:: SEOPress – On-site SEO
Plugin Slug:: wp-seopress
Installations: 300,000+
Vulnerability:: Broken Access Control
Patched in Version:: 8.2
Severity Score:: Medium
CVE:: 2024-50454

Plugin:: Astra Widgets
Plugin Slug:: astra-widgets
Installations: 200,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.2.15
Severity Score:: Medium
CVE:: 2024-50439

Plugin:: Firelight Lightbox
Plugin Slug:: easy-fancybox
Installations: 200,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.3.4
Severity Score:: Medium
CVE:: 2024-50460

Plugin:: Qi Addons For Elementor
Plugin Slug:: qi-addons-for-elementor
Installations: 200,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 1.8.1
Severity Score:: Medium
CVE:: 2024-9530

Plugin:: Dear Flipbook – PDF Flipbook, 3D Flipbook, PDF embed, PDF viewer
Plugin Slug:: 3d-flipbook-dflip-lite
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.3.42
Severity Score:: High
CVE:: 2024-8717

Plugin:: AMP for WP – Accelerated Mobile Pages
Plugin Slug:: accelerated-mobile-pages
Installations: 100,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.0.99.2
Severity Score:: High
CVE:: 2024-9598

Plugin:: Beaver Builder – WordPress Page Builder
Plugin Slug:: beaver-builder-lite-version
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.8.3.9
Severity Score:: Medium
CVE:: 2024-50430

Plugin:: BuddyPress
Plugin Slug:: buddypress
Installations: 100,000+
Vulnerability:: Directory Traversal
Patched in Version:: 14.2.1
Severity Score:: Critical
CVE:: 2024-10011

Plugin:: Conditional Fields for Contact Form 7
Plugin Slug:: cf7-conditional-fields
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.5
Severity Score:: Medium
CVE:: 2024-50412

Plugin:: Custom Twitter Feeds – A Tweets Widget or X Feed Widget
Plugin Slug:: custom-twitter-feeds
Installations: 100,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 2.2.4
Severity Score:: Medium
CVE:: 2024-49685

Plugin:: EmbedPress – Embed PDF, 3D Flipbook, Social Feeds, Google Docs, Vimeo, Wistia, YouTube Videos, Audios, Google Maps in Gutenberg Block & Elementor
Plugin Slug:: embedpress
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.1.0
Severity Score:: Medium
CVE:: 2024-50461

Plugin:: Schema & Structured Data for WP & AMP
Plugin Slug:: schema-and-structured-data-for-wp
Installations: 100,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 1.36
Severity Score:: Medium
CVE:: 2024-49683

Plugin:: Download Monitor
Plugin Slug:: download-monitor
Installations: 90,000+
Vulnerability:: Broken Access Control
Patched in Version:: 5.0.13
Severity Score:: Medium
CVE:: 2024-10092

Plugin:: Import and export users and customers
Plugin Slug:: import-users-from-csv-with-meta
Installations: 80,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.27.6
Severity Score:: Medium
CVE:: 2024-50413

Plugin:: Comments – wpDiscuz
Plugin Slug:: wpdiscuz
Installations: 80,000+
Vulnerability:: Broken Authentication
Patched in Version:: 7.6.25
Severity Score:: Critical
CVE:: 2024-9488

Plugin:: Call / Contact Button
Plugin Slug:: button-contact-vr
Installations: 60,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.7.10
Severity Score:: Medium
CVE:: 2024-50414

Plugin:: Exclusive Addons for Elementor
Plugin Slug:: exclusive-addons-for-elementor
Installations: 60,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 2.7.5
Severity Score:: Medium
CVE:: 2024-10312

Plugin:: WP-Members Membership Plugin
Plugin Slug:: wp-members
Installations: 60,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.4.9.6
Severity Score:: Medium
CVE:: 2024-10374

Plugin:: WP-Members Membership Plugin
Plugin Slug:: wp-members
Installations: 60,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.4.9.6
Severity Score:: High
CVE:: 2024-9231

Plugin:: Bold Page Builder
Plugin Slug:: bold-page-builder
Installations: 50,000+
Vulnerability:: Broken Access Control
Patched in Version:: 5.1.4
Severity Score:: Medium
CVE:: 2024-50417

Plugin:: Qi Blocks
Plugin Slug:: qi-blocks
Installations: 50,000+
Vulnerability:: Local File Inclusion
Patched in Version:: 1.3.3
Severity Score:: High
CVE:: 2024-49690

Plugin:: Photo Gallery, Images, Slider in Rbs Image Gallery
Plugin Slug:: robo-gallery
Installations: 50,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.2.22
Severity Score:: Medium
CVE:: 2024-49696

Plugin:: Product Filter by WBW
Plugin Slug:: woo-product-filter
Installations: 50,000+
Vulnerability:: SQL Injection
Patched in Version:: 2.7.1
Severity Score:: High
CVE:: 2024-49691

Plugin:: WP Recipe Maker
Plugin Slug:: wp-recipe-maker
Installations: 50,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 9.7.0
Severity Score:: Medium
CVE:: 2024-9650

Plugin:: RSS Aggregator – RSS Import, News Feeds, Feed to Post, and Autoblogging
Plugin Slug:: wp-rss-aggregator
Installations: 50,000+
Vulnerability:: Broken Access Control
Patched in Version:: 4.23.13
Severity Score:: Medium
CVE:: 2024-9583

Plugin:: Post Grid and Gutenberg Blocks
Plugin Slug:: post-grid
Installations: 40,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.2.94
Severity Score:: Medium
CVE:: 2024-50432

Plugin:: Simple Membership
Plugin Slug:: simple-membership
Installations: 40,000+
Vulnerability:: Open Redirection
Patched in Version:: 4.5.4
Severity Score:: Medium
CVE:: 2024-49682

Plugin:: Post Grid Gutenberg Blocks and WordPress Blog Plugin – PostX
Plugin Slug:: ultimate-post
Installations: 40,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.1.16
Severity Score:: Medium
CVE:: 2024-50513

Plugin:: Post Grid Gutenberg Blocks and WordPress Blog Plugin – PostX
Plugin Slug:: ultimate-post
Installations: 40,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.1.13
Severity Score:: Medium
CVE:: 2024-50443

Plugin:: Compact WP Audio Player
Plugin Slug:: compact-wp-audio-player
Installations: 30,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.9.14
Severity Score:: Medium
CVE:: 2024-10176

Plugin:: Download Plugin
Plugin Slug:: download-plugin
Installations: 30,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.2.1
Severity Score:: Medium
CVE:: 2024-9829

Plugin:: File Upload Types by WPForms
Plugin Slug:: file-upload-types
Installations: 30,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.5.0
Severity Score:: Medium
CVE:: 2024-10016

Plugin:: Greenshift – animation and page builder blocks
Plugin Slug:: greenshift-animation-and-page-builder-blocks
Installations: 30,000+
Vulnerability:: Broken Access Control
Patched in Version:: 9.8
Severity Score:: Medium
CVE:: 2024-50419

Plugin:: Custom Icons for Elementor
Plugin Slug:: custom-icons-for-elementor
Installations: 20,000+
Vulnerability:: Arbitrary File Upload
Patched in Version:: 0.3.4
Severity Score:: Medium
CVE:: 2024-49676

Plugin:: Futurio Extra
Plugin Slug:: futurio-extra
Installations: 20,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.0.12
Severity Score:: Medium
CVE:: 2024-50446

Plugin:: HurryTimer – An Scarcity and Urgency Countdown Timer for WordPress & WooCommerce
Plugin Slug:: hurrytimer
Installations: 20,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.11.0
Severity Score:: Medium
CVE:: 2024-8667

Plugin:: Transients Manager
Plugin Slug:: transients-manager
Installations: 20,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 2.0.7
Severity Score:: Medium
CVE:: 2024-10045

Plugin:: Wp Social Login and Register Social Counter
Plugin Slug:: wp-social
Installations: 20,000+
Vulnerability:: Broken Authentication
Patched in Version:: 3.0.8
Severity Score:: Critical
CVE:: 2024-9501

Plugin:: Backup and Staging by WP Time Capsule
Plugin Slug:: wp-time-capsule
Installations: 20,000+
Vulnerability:: PHP Object Injection
Patched in Version:: 1.22.22
Severity Score:: High
CVE:: 2024-49684

Plugin:: YITH WooCommerce Product Add-Ons
Plugin Slug:: yith-woocommerce-product-add-ons
Installations: 20,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.14.2
Severity Score:: High
CVE:: 2024-50448

Plugin:: AffiliateX – Affiliate Blocks for WordPress, Amazon, eBay, AliExpress Affiliates
Plugin Slug:: affiliatex
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.2.9.1
Severity Score:: Medium
CVE:: 2024-49692

Plugin:: Contact Form 7 + Telegram
Plugin Slug:: cf7-telegram
Installations: 10,000+
Vulnerability:: Broken Access Control
Patched in Version:: 0.8.6
Severity Score:: Medium
CVE:: 2024-9629

Plugin:: Envo’s Elementor Templates & Widgets for WooCommerce
Plugin Slug:: envo-elementor-for-woocommerce
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.4.20
Severity Score:: Medium
CVE:: 2024-50447

Plugin:: GeoDirectory – WP Business Directory Plugin and Classified Listings Directory
Plugin Slug:: geodirectory
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.3.81
Severity Score:: Medium
CVE:: 2024-50437

Plugin:: Mega Elements – Addons for Elementor
Plugin Slug:: mega-elements-addons-for-elementor
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.2.7
Severity Score:: Medium
CVE:: 2024-49693

Plugin:: Multi Step Form
Plugin Slug:: multi-step-form
Installations: 10,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.7.22
Severity Score:: Medium
CVE:: 2024-50428

Plugin:: Premium SEO Pack – WP SEO Plugin
Plugin Slug:: premium-seo-pack
Installations: 10,000+
Vulnerability:: SQL Injection
Patched in Version:: 1.6.002
Severity Score:: High
CVE:: 2024-50465

Plugin:: Qode Essential Addons
Plugin Slug:: qode-essential-addons
Installations: 10,000+
Vulnerability:: Local File Inclusion
Patched in Version:: 1.6.4
Severity Score:: High
CVE:: 2024-50457

Plugin:: Selection Lite
Plugin Slug:: selection-lite
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.14
Severity Score:: Medium
CVE:: 2024-50445

Plugin:: WooCommerce Bulk Edit Products, Orders, Coupons, Any WordPress Post Type (Advanced) – Smart Manager
Plugin Slug:: smart-manager-for-wp-e-commerce
Installations: 10,000+
Vulnerability:: Broken Access Control
Patched in Version:: 8.46.0
Severity Score:: Medium
CVE:: 2024-49687

Plugin:: WP Booking System – Booking Calendar
Plugin Slug:: wp-booking-system
Installations: 10,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.0.19.11
Severity Score:: Medium
CVE:: 2024-50425

Plugin:: WP VR – 360 Panorama and Virtual Tour Builder For WordPress
Plugin Slug:: wpvr
Installations: 10,000+
Vulnerability:: Broken Access Control
Patched in Version:: 8.5.6
Severity Score:: Medium
CVE:: 2024-49680

Plugin:: WooCommerce UPS Shipping – Live Rates and Access Points
Plugin Slug:: flexible-shipping-ups
Installations: 9,000+
Vulnerability:: Broken Access Control
Patched in Version:: 3.0.0
Severity Score:: Medium
CVE:: 2024-9109

Plugin:: Event Manager and Tickets Selling Plugin for WooCommerce – WpEvently – WordPress Plugin
Plugin Slug:: mage-eventpress
Installations: 8,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.2.6
Severity Score:: Medium
CVE:: 2024-49703

Plugin:: Contact Form 7 – Repeatable Fields
Plugin Slug:: cf7-repeatable-fields
Installations: 7,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.0.2
Severity Score:: Medium
CVE:: 2024-10180

Plugin:: WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting
Plugin Slug:: erp
Installations: 7,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.13.3
Severity Score:: High
CVE:: 2024-47640

Plugin:: Poll Maker – Versus Polls, Anonymous Polls, Image Polls
Plugin Slug:: poll-maker
Installations: 7,000+
Vulnerability:: SQL Injection
Patched in Version:: 5.4.7
Severity Score:: High
CVE:: 2024-9475

Plugin:: Poll Maker – Versus Polls, Anonymous Polls, Image Polls
Plugin Slug:: poll-maker
Installations: 7,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.4.7
Severity Score:: Medium
CVE:: 2024-9462

Plugin:: Nexter Blocks – WordPress Gutenberg Blocks & 1000+ Starter Templates
Plugin Slug:: the-plus-addons-for-block-editor
Installations: 7,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.0.0
Severity Score:: Medium
CVE:: 2024-50452

Plugin:: Cozy Blocks – Page Builder for Gutenberg & Site Editor, Post Blocks, WooCommerce Blocks, Magazine Blocks, WordPress Gutenberg Blocks, Patterns and Templates Library
Plugin Slug:: cozy-addons
Installations: 6,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.0.19
Severity Score:: Medium
CVE:: 2024-50502

Plugin:: Cozy Blocks – Page Builder for Gutenberg & Site Editor, Post Blocks, WooCommerce Blocks, Magazine Blocks, WordPress Gutenberg Blocks, Patterns and Templates Library
Plugin Slug:: cozy-addons
Installations: 6,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.0.16
Severity Score:: Medium
CVE:: 2024-50441

Plugin:: Survey Maker
Plugin Slug:: survey-maker
Installations: 6,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.0.3
Severity Score:: Medium
CVE:: 2024-50426

Plugin:: MultiVendorX – The Ultimate WooCommerce Multivendor Marketplace Solution
Plugin Slug:: dc-woocommerce-multi-vendor
Installations: 5,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 4.2.5
Severity Score:: Medium
CVE:: 2024-9943

Plugin:: MultiVendorX – The Ultimate WooCommerce Multivendor Marketplace Solution
Plugin Slug:: dc-woocommerce-multi-vendor
Installations: 5,000+
Vulnerability:: Broken Access Control
Patched in Version:: 4.2.5
Severity Score:: Medium
CVE:: 2024-9531

Plugin:: Magazine Blocks – Blog Designer, Magazine & Newspaper Website Builder, Page Builder with Posts Blocks, Post Grid
Plugin Slug:: magazine-blocks
Installations: 5,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.3.18
Severity Score:: Medium
CVE:: 2024-50429

Plugin:: WPKoi Templates for Elementor
Plugin Slug:: wpkoi-templates-for-elementor
Installations: 5,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.1.1
Severity Score:: Medium
CVE:: 2024-49679

Plugin:: EventPrime – Events Calendar, Bookings and Tickets
Plugin Slug:: eventprime-event-calendar-management
Installations: 4,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.0.4.8
Severity Score:: High
CVE:: 2024-9864

Plugin:: EventPrime – Events Calendar, Bookings and Tickets
Plugin Slug:: eventprime-event-calendar-management
Installations: 4,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.0.4.8
Severity Score:: High
CVE:: 2024-9865

Plugin:: WP Crowdfunding
Plugin Slug:: wp-crowdfunding
Installations: 4,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.1.12
Severity Score:: Medium
CVE:: 2024-10117

Plugin:: Extra Product Options Builder for WooCommerce
Plugin Slug:: additional-product-fields-for-woocommerce
Installations: 3,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.2.134
Severity Score:: High
CVE:: 2024-9214

Plugin:: WP Adminify – Custom WordPress Dashboard, Login and Admin Customizer
Plugin Slug:: adminify
Installations: 3,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.0.1.7
Severity Score:: Medium
CVE:: 2024-8959

Plugin:: Ads.txt & App-ads.txt Manager for WordPress
Plugin Slug:: app-ads-txt
Installations: 3,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.1.8
Severity Score:: Medium
CVE:: 2024-50415

Plugin:: Anchor Episodes Index (Spotify for Podcasters)
Plugin Slug:: anchor-episodes-index
Installations: 2,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.1.11
Severity Score:: Medium
CVE:: 2024-10189

Plugin:: Masteriyo LMS – eLearning and Online Course Builder for WordPress
Plugin Slug:: learning-management-system
Installations: 2,000+
Vulnerability:: Privilege Escalation
Patched in Version:: 1.13.4
Severity Score:: High
CVE:: 2024-10008

Plugin:: Masteriyo LMS – eLearning and Online Course Builder for WordPress
Plugin Slug:: learning-management-system
Installations: 2,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.13.4
Severity Score:: Medium
CVE:: 2024-10000

Plugin:: Mapster WP Maps
Plugin Slug:: mapster-wp-maps
Installations: 2,000+
Vulnerability:: Settings Change
Patched in Version:: 1.6.0
Severity Score:: High
CVE:: 2024-9235

Plugin:: My Wp Brand – Hide menu & Hide Plugin
Plugin Slug:: my-wp-brand
Installations: 2,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.1.3
Severity Score:: Medium
CVE:: 2024-49694

Plugin:: Sky Addons for Elementor (Free Templates Library, Live Copy, Animations, Post Grid, Post Carousel, Particles, Sliders, Chart, Blogs)
Plugin Slug:: sky-elementor-addons
Installations: 2,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.5.16
Severity Score:: Medium
CVE:: 2024-50433

Plugin:: The Pack Elementor addons (Header Footer & WooCommerce Builder, Template Library)
Plugin Slug:: the-pack-addon
Installations: 2,000+
Vulnerability:: Local File Inclusion
Patched in Version:: 2.1.0
Severity Score:: High
CVE:: 2024-50453

Plugin:: Advanced Sermons
Plugin Slug:: advanced-sermons
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.5
Severity Score:: Medium
CVE:: 2024-50458

Plugin:: App Builder – Create Native Android & iOS Apps On The Flight
Plugin Slug:: app-builder
Installations: 1,000+
Vulnerability:: Broken Authentication
Patched in Version:: 5.3.8
Severity Score:: High
CVE:: 2024-9302

Plugin:: Great Restaurant Menu WP
Plugin Slug:: best-restaurant-menu-by-pricelisto
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.4.3
Severity Score:: Medium
CVE:: 2024-49698

Plugin:: Church Admin
Plugin Slug:: church-admin
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.0.0
Severity Score:: High
CVE:: 2024-50438

Plugin:: CodePen Embedded Pens Shortcode
Plugin Slug:: codepen-embedded-pen-shortcode
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.0.3
Severity Score:: Medium
CVE:: 2024-50440

Plugin:: HD Quiz – Save Results Light
Plugin Slug:: hd-quiz-save-results-light
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: 0.6
Severity Score:: Medium
CVE:: 2024-49689

Plugin:: Interactive World Map
Plugin Slug:: interactive-world-map
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.4.8
Severity Score:: Medium
CVE:: 2024-50462

Plugin:: Landing Page Cat – Coming Soon Page, Maintenance Page & Squeeze Pages
Plugin Slug:: landing-page-cat
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.7.5
Severity Score:: Medium
CVE:: 2024-49686

Plugin:: myCred Elementor
Plugin Slug:: mycred-for-elementor
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.2.7
Severity Score:: Medium
CVE:: 2024-49702

Plugin:: News Kit Elementor Addons
Plugin Slug:: news-kit-elementor-addons
Installations: 1,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 1.2.2
Severity Score:: Medium
CVE:: 2024-9541

Plugin:: PDF Generator Addon for Elementor Page Builder
Plugin Slug:: pdf-generator-addon-for-elementor-page-builder
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.7.5
Severity Score:: Medium
CVE:: 2024-50449

Plugin:: Posti Shipping
Plugin Slug:: posti-shipping
Installations: 1,000+
Vulnerability:: Full Path Disclosure (FPD)
Patched in Version:: 3.10.3
Severity Score:: Medium
CVE:: 2024-50512

Plugin:: SEUR Oficial
Plugin Slug:: seur
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.2.12
Severity Score:: High
CVE:: 2024-9438

Plugin:: Sunshine Photo Cart: Free Client Photo Galleries for Photographers
Plugin Slug:: sunshine-photo-cart
Installations: 1,000+
Vulnerability:: Open Redirection
Patched in Version:: 3.2.11
Severity Score:: Medium
CVE:: 2024-50463

Plugin:: Sunshine Photo Cart: Free Client Photo Galleries for Photographers
Plugin Slug:: sunshine-photo-cart
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: 3.2.10
Severity Score:: Medium
CVE:: 2024-49697

Plugin:: Terms descriptions
Plugin Slug:: terms-descriptions
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.4.7
Severity Score:: High
CVE:: 2024-9374

Plugin:: WP Flow Plus
Plugin Slug:: wp-imageflow2
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.2.4
Severity Score:: Medium
CVE:: 2024-49695

Plugin:: MDTF – Meta Data and Taxonomies Filter
Plugin Slug:: wp-meta-data-filter-and-taxonomy-filter
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.3.3.5
Severity Score:: Medium
CVE:: 2024-50451

Plugin:: MDTF – Meta Data and Taxonomies Filter
Plugin Slug:: wp-meta-data-filter-and-taxonomy-filter
Installations: 1,000+
Vulnerability:: Bypass Vulnerability
Patched in Version:: 1.3.3.5
Severity Score:: High
CVE:: 2024-50450

Plugin:: Accept Stripe Donation and Payments – AidWP
Plugin Slug:: wp-stripe-donation
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: 3.2.4
Severity Score:: Medium
CVE:: 2024-50459

Plugin:: Kata Plus – Addons for Elementor – Widgets, Extensions and Templates
Plugin Slug:: kata-plus
Installations: 600+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.5.0
Severity Score:: Medium
CVE:: 2024-50501

Plugin:: SurveyJS: Drag & Drop WordPress Form Builder to create, style and embed multiple forms of any complexity
Plugin Slug:: surveyjs
Installations: 600+
Vulnerability:: Arbitrary File Upload
Patched in Version:: 1.12.4
Severity Score:: Critical
CVE:: 2024-50427

Plugin:: WP Sessions Time Monitoring Full Automatic
Plugin Slug:: activitytime
Installations: 500+
Vulnerability:: SQL Injection
Patched in Version:: 1.1.0
Severity Score:: Critical
CVE:: 2024-49681

Plugin:: Namaste! LMS
Plugin Slug:: namaste-lms
Installations: 500+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.6.4.1
Severity Score:: Medium
CVE:: 2024-50410

Plugin:: Namaste! LMS
Plugin Slug:: namaste-lms
Installations: 500+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.6.3
Severity Score:: Medium
CVE:: 2024-50409

Plugin:: Namaste! LMS
Plugin Slug:: namaste-lms
Installations: 500+
Vulnerability:: PHP Object Injection
Patched in Version:: 2.6.4
Severity Score:: High
CVE:: 2024-50408

Plugin:: Namaste! LMS
Plugin Slug:: namaste-lms
Installations: 500+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.6.3
Severity Score:: High
CVE:: 2024-50407

Plugin:: WP Abstracts
Plugin Slug:: wp-abstracts-manuscripts-manager
Installations: 400+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.7.2
Severity Score:: Medium
CVE:: 2024-50411

Plugin:: LaTeX2HTML
Plugin Slug:: latex2html
Installations: 300+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.5.5
Severity Score:: High
CVE:: 2024-49673

Plugin:: Rover IDX
Plugin Slug:: rover-idx
Installations: 300+
Vulnerability:: Privilege Escalation
Patched in Version:: 3.0.0.2906
Severity Score:: High
CVE:: 2024-10002

Plugin:: Rover IDX
Plugin Slug:: rover-idx
Installations: 300+
Vulnerability:: Broken Access Control
Patched in Version:: 3.0.0.2905
Severity Score:: Medium
CVE:: 2024-10003

Plugin:: WPC Shop as a Customer for WooCommerce
Plugin Slug:: wpc-shop-as-customer
Installations: 300+
Vulnerability:: PHP Object Injection
Patched in Version:: 1.2.7
Severity Score:: High
CVE:: 2024-50416

Plugin:: WordPress Post Grid Layouts with Pagination – Sogrid
Plugin Slug:: sogrid
Installations: 200+
Vulnerability:: Local File Inclusion
Patched in Version:: 1.5.7
Severity Score:: High
CVE:: 2024-8392

Plugin:: Booking Plugin for Your WordPress Appointments – Time Slot
Plugin Slug:: timeslot
Installations: 100+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.3.7
Severity Score:: Medium
CVE:: 2024-50418

Plugin:: User Toolkit
Plugin Slug:: user-toolkit
Installations: 100+
Vulnerability:: Privilege Escalation
Patched in Version:: 1.2.4
Severity Score:: Critical
CVE:: 2024-50503

Plugin:: aDirectory – Directory Listing WordPress Plugin
Plugin Slug:: adirectory
Installations: 80+
Vulnerability:: Arbitrary File Upload
Patched in Version:: 1.3.1
Severity Score:: Critical
CVE:: 2024-50420

Plugin:: Client Power Tools Portal
Plugin Slug:: client-power-tools
Installations: 30+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.9.1
Severity Score:: High
CVE:: 2024-49670

Plugin:: Image Map Pro
Plugin Slug:: image-map-pro
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 6.0.21
Severity Score:: Medium
CVE:: 2024-9585

Plugin:: Image Map Pro
Plugin Slug:: image-map-pro
Vulnerability:: Broken Access Control
Patched in Version:: 6.0.21
Severity Score:: Medium
CVE:: 2024-9584

Plugin:: ProfilePress Pro
Plugin Slug:: profilepress-pro
Vulnerability:: Broken Authentication
Patched in Version:: 4.11.2
Severity Score:: High
CVE:: 2024-9947

Plugin:: WooCommerce Order Proposal
Plugin Slug:: woocommerce-order-proposal
Vulnerability:: Broken Authentication
Patched in Version:: 2.0.6
Severity Score:: High
CVE:: 2024-9927

WordPress Themes — 5 Patched / 1 Unpatched

Theme:: js paper
Theme Slug:: js-paper
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-49678

Theme:: Clean Retina
Theme Slug:: clean-retina
Downloads: 272,266
Vulnerability:: Local File Inclusion
Patched in Version:: 3.0.7
Severity Score:: High
CVE:: 2024-50436

Theme:: Mags
Theme Slug:: mags
Downloads: 25,904
Vulnerability:: Local File Inclusion
Patched in Version:: 1.1.7
Severity Score:: High
CVE:: 2024-49701

Theme:: Meta News
Theme Slug:: meta-news
Downloads: 17,650
Vulnerability:: Local File Inclusion
Patched in Version:: 1.1.8
Severity Score:: High
CVE:: 2024-50435

Theme:: NewsCard
Theme Slug:: newscard
Downloads: 435,520
Vulnerability:: Local File Inclusion
Patched in Version:: 1.4
Severity Score:: High
CVE:: 2024-50434

Theme:: Nioland
Theme Slug:: nioland
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.2.7
Severity Score:: High
CVE:: 2024-10250

Solid Security is part of Solid Suite — The best foundation for WordPress websites.

Every WordPress site needs security, backups, and management tools. That’s Solid Suite — an integrated bundle of three plugins: Solid Security, Solid Backups, and Solid Central. You also get access to Solid Academy’s learning resources for WordPress professionals. Build your next WordPress website on a solid foundation with Solid Suite!

Get Solid Security

The post WordPress Vulnerability Report — October 30, 2024 appeared first on SolidWP.

Table of Contents

WordPress Core

WordPress Plugins — 136 Patched / 109 Unpatched