WordPress Core
WordPress 6.5.3 was released on May 7, 2024, as a short-cycle maintenance release. This release features 12 bug fixes on Core and 9 bug fixes for the Block editor.
WordPress Plugins — 86 Patched / 32 Unpatched
Photo Gallery by 10Web – Mobile-Friendly Image Gallery
Plugin Slug:photo-gallery
Installations200,000+
Vulnerability:Broken Access Control
Patched in Version:No Fix
Severity Score:Medium
Integration for Constant Contact and Contact Form 7, WPForms, Elementor, Ninja Forms
Plugin Slug:cf7-constant-contact
Installations1,000+
Vulnerability:Cross Site Request Forgery (CSRF)
Patched in Version:No Fix
Severity Score:Medium
Business Card
Plugin:Business Card
Plugin Slug:business-card-by-esterox-100
Installations10+
Vulnerability:Cross Site Request Forgery (CSRF)
Patched in Version:No Fix
Severity Score:Medium
KKProgressbar2 Free – advanced progress bars
Plugin Slug:kkprogressbar
Installations10+
Vulnerability:Cross Site Request Forgery (CSRF)
Patched in Version:No Fix
Severity Score:Medium
CVE:2024-4535
KKProgressbar2 Free – advanced progress bars
Plugin Slug:kkprogressbar
Installations10+
Vulnerability:Cross Site Request Forgery (CSRF)
Patched in Version:No Fix
Severity Score:High
KKProgressbar2 Free – advanced progress bars
Plugin Slug:kkprogressbar
Installations10+
Vulnerability:SQL Injection
Patched in Version:No Fix
Severity Score:High
WP Stacker
Plugin:WP Stacker
Plugin Slug:wp-stacker
Installations10+
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:No Fix
Severity Score:High
AdFoxly – Ad Manager, AdSense Ads & Ads.txt
Plugin:AdFoxly – Ad Manager, AdSense Ads & Ads.txt
Plugin Slug:adfoxly
Vulnerability:Broken Access Control
Patched in Version:No Fix
Severity Score:Medium
ApplyOnline – Application Form Builder and Manager
Plugin:ApplyOnline – Application Form Builder and Manager
Plugin Slug:apply-online
Vulnerability:Broken Access Control
Patched in Version:No Fix
Severity Score:Medium
Automatic Translator with Auto Translate
Plugin:Automatic Translator with Auto Translate
Plugin Slug:auto-translate
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:No Fix
Severity Score:Medium
Button contact VR
Plugin:Button contact VR
Plugin Slug:button-contact-vr
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:No Fix
Severity Score:Medium
Crafthemes Demo Import
Plugin:Crafthemes Demo Import
Plugin Slug:crafthemes-demo-import
Vulnerability:Broken Access Control
Patched in Version:No Fix
Severity Score:High
CVE:2024-34800
Dextaz Ping
Plugin:Dextaz Ping
Plugin Slug:dextaz-ping
Vulnerability:Remote Code Execution (RCE)
Patched in Version:No Fix
Severity Score:Critical
Easy Digital Downloads – Recent Purchases
Plugin:Easy Digital Downloads – Recent Purchases
Plugin Slug:edd-recent-purchases
Vulnerability:Remote File Inclusion
Patched in Version:No Fix
Severity Score:Critical
Elegant Addons for elementor
Plugin:Elegant Addons for elementor
Plugin Slug:elegant-addons-for-elementor
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:No Fix
Severity Score:Medium
Flattr
Plugin:Flattr
Plugin Slug:flattr
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:No Fix
Severity Score:Medium
LuckyWP Table of Contents
Plugin:LuckyWP Table of Contents
Plugin Slug:luckywp-table-of-contents
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:No Fix
Severity Score:Medium
The vulnerability has not been patched. You should deactivate the plugin.
LuckyWP Table of Contents
Plugin:LuckyWP Table of Contents
Plugin Slug:luckywp-table-of-contents
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:No Fix
Severity Score:Medium
LuckyWP Table of Contents
Plugin:LuckyWP Table of Contents
Plugin Slug:luckywp-table-of-contents
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:No Fix
Severity Score:High
Opal Estate Pro
Plugin:Opal Estate Pro
Plugin Slug:opal-estate-pro
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:No Fix
Severity Score:Medium
PayPal Pay Now, Buy Now, Donation and Cart Buttons Shortcode
Plugin:PayPal Pay Now, Buy Now, Donation and Cart Buttons Shortcode
Plugin Slug:paypal-pay-buy-donation-and-cart-buttons-shortcode
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:No Fix
Severity Score:Medium
Pet Manager
Plugin:Pet Manager
Plugin Slug:pet-manager
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:No Fix
Severity Score:High
Sailthru Triggermail
Plugin:Sailthru Triggermail
Plugin Slug:sailthru-triggermail
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:No Fix
Severity Score:Medium
Sailthru Triggermail
Plugin:Sailthru Triggermail
Plugin Slug:sailthru-triggermail
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:No Fix
Severity Score:High
Praison SEO WordPress
Plugin:Praison SEO WordPress
Plugin Slug:seo-wordpress
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:No Fix
Severity Score:Medium
Simple Popup Manager
Plugin:Simple Popup Manager
Plugin Slug:simple-popup-manager
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:No Fix
Severity Score:Medium
Toolbar Extras for Elementor & More
Plugin:Toolbar Extras for Elementor & More
Plugin Slug:toolbar-extras
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:No Fix
Severity Score:Medium
Woocommerce – Recent Purchases
Plugin:Woocommerce – Recent Purchases
Plugin Slug:woo-recent-purchases
Vulnerability:Local File Inclusion
Patched in Version:No Fix
Severity Score:Medium
WP Backpack
Plugin:WP Backpack
Plugin Slug:wp-backpack
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:No Fix
Severity Score:Medium
WP Font Awesome Share Icons
Plugin:WP Font Awesome Share Icons
Plugin Slug:wp-font-awesome-share-icons
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:No Fix
Severity Score:Medium
WP Next Post Navi
Plugin:WP Next Post Navi
Plugin Slug:wp-next-post-navi
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:No Fix
Severity Score:Medium
WP Scraper
Plugin:WP Scraper
Plugin Slug:wp-scraper
Vulnerability:Broken Access Control
Patched in Version:No Fix
Severity Score:Medium
Elementor Website Builder – More than Just a Page Builder
Plugin Slug:elementor
Installations10,000,000+
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:3.21.6
Severity Score:Medium
Elementor Header & Footer Builder
Plugin Slug:header-footer-elementor
Installations1,000,000+
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:1.6.26.1
Severity Score:Medium
Popup Builder by OptinMonster – WordPress Popups for Optins, Email Newsletters and Lead Generation
Plugin:Popup Builder by OptinMonster – WordPress Popups for Optins, Email Newsletters and Lead Generation
Plugin Slug:optinmonster
Installations1,000,000+
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:2.16.2
Severity Score:Medium
WP Fastest Cache
Plugin:WP Fastest Cache
Plugin Slug:wp-fastest-cache
Installations1,000,000+
Vulnerability:Arbitrary File Deletion
Patched in Version:1.2.7
Severity Score:High
Premium Addons for Elementor
Plugin:Premium Addons for Elementor
Plugin Slug:premium-addons-for-elementor
Installations700,000+
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:4.10.32
Severity Score:Medium
Page Builder by SiteOrigin
Plugin:Page Builder by SiteOrigin
Plugin Slug:siteorigin-panels
Installations700,000+
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:2.29.16
Severity Score:Medium
CVE:2024-4361
Spectra – WordPress Gutenberg Blocks
Plugin Slug:ultimate-addons-for-gutenberg
Installations700,000+
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:2.13.1
Severity Score:Medium
CVE:2024-4366
Spectra – WordPress Gutenberg Blocks
Plugin Slug:ultimate-addons-for-gutenberg
Installations700,000+
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:2.12.9
Severity Score:Medium
CVE:2024-1814
WP Shortcodes Plugin — Shortcodes Ultimate
Plugin Slug:shortcodes-ultimate
Installations600,000+
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:7.1.6
Severity Score:Medium
CVE:2024-4553
SiteOrigin Widgets Bundle
Plugin:SiteOrigin Widgets Bundle
Plugin Slug:so-widgets-bundle
Installations600,000+
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:1.61.0
Severity Score:Medium
CVE:2024-4362
Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder
Plugin Slug:fluentform
Installations400,000+
Vulnerability:PHP Object Injection
Patched in Version:5.1.16
Severity Score:High
CVE:2024-4157
WP Go Maps (formerly WP Google Maps)
Plugin Slug:wp-google-maps
Installations400,000+
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:9.0.37
Severity Score:Medium
CVE:2024-3557
Unlimited Elements For Elementor (Free Widgets, Addons, Templates)
Plugin Slug:unlimited-elements-for-elementor
Installations200,000+
Vulnerability:SQL Injection
Patched in Version:1.5.108
Severity Score:High
CVE:2024-4779
Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress
Plugin Slug:wp-user-avatar
Installations200,000+
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:4.15.9
Severity Score:Medium
CVE:2024-2861
Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows)
Plugin Slug:bdthemes-element-pack-lite
Installations100,000+
Vulnerability:Bypass Vulnerability
Patched in Version:5.6.4
Severity Score:Medium
CVE:2024-3927
Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows)
Plugin Slug:bdthemes-element-pack-lite
Installations100,000+
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:5.6.2
Severity Score:Medium
CVE:2024-3926
HT Mega – Absolute Addons For Elementor
Plugin Slug:ht-mega-for-elementor
Installations100,000+
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:2.5.3
Severity Score:Medium
CVE:2024-4876
HT Mega – Absolute Addons For Elementor
Plugin Slug:ht-mega-for-elementor
Installations100,000+
Vulnerability:Broken Access Control
Patched in Version:2.5.3
Severity Score:Medium
CVE:2024-4875
Social Icons Widget & Block by WPZOOM
Plugin Slug:social-icons-widget-by-wpzoom
Installations100,000+
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:4.2.18
Severity Score:Medium
CVE:2024-2189
The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce
Plugin:The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce
Plugin Slug:the-plus-addons-for-elementor-page-builder
Installations100,000+
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:5.5.5
Severity Score:Medium
CVE:2024-3718
ShopLentor – WooCommerce Builder for Elementor & Gutenberg +12 Modules – All in One Solution (formerly WooLentor)
Plugin Slug:woolentor-addons
Installations100,000+
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:2.8.9
Severity Score:Medium
CVE:2024-3345
ShopLentor – WooCommerce Builder for Elementor & Gutenberg +12 Modules – All in One Solution (formerly WooLentor)
Plugin Slug:woolentor-addons
Installations100,000+
Vulnerability:Broken Access Control
Patched in Version:2.8.9
Severity Score:High
CVE:2024-4566
EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor
Plugin Slug:embedpress
Installations90,000+
Vulnerability:Broken Access Control
Patched in Version:3.9.13
Severity Score:Medium
CVE:2024-1803
LearnPress – WordPress LMS Plugin
Plugin Slug:learnpress
Installations90,000+
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:4.2.6.7
Severity Score:Medium
CVE:2024-4971
Master Slider – Responsive Touch Slider
Plugin Slug:master-slider
Installations90,000+
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:3.9.10
Severity Score:Medium
CVE:2024-4470
Brizy – Page Builder
Plugin:Brizy – Page Builder
Plugin Slug:brizy
Installations80,000+
Vulnerability:Broken Access Control
Patched in Version:2.4.44
Severity Score:Medium
CVE:2024-3711
Email Log
Plugin:Email Log
Plugin Slug:email-log
Installations80,000+
Vulnerability:Other Vulnerability Type
Patched in Version:2.4.9
Severity Score:High
CVE:2024-0867
Media Library Assistant
Plugin:Media Library Assistant
Plugin Slug:media-library-assistant
Installations70,000+
Vulnerability:SQL Injection
Patched in Version:3.16
Severity Score:High
CVE:2024-3518
Media Library Assistant
Plugin:Media Library Assistant
Plugin Slug:media-library-assistant
Installations70,000+
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:3.16
Severity Score:High
CVE:2024-3519
wpDataTables – WordPress Data Table, Dynamic Tables & Table Charts Plugin
Plugin Slug:wpdatatables
Installations70,000+
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:3.4.2.14
Severity Score:High
CVE:2024-4895
YITH WooCommerce Ajax Search
Plugin:YITH WooCommerce Ajax Search
Plugin Slug:yith-woocommerce-ajax-search
Installations70,000+
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:2.4.1
Severity Score:High
CVE:2024-4455
Advanced iFrame
Plugin:Advanced iFrame
Plugin Slug:advanced-iframe
Installations60,000+
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:2024.4
Severity Score:Medium
CVE:2024-4365
WP Table Builder – WordPress Table Plugin
Plugin Slug:wp-table-builder
Installations60,000+
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:1.4.15
Severity Score:Medium
CVE:2024-4700
Carousel Slider
Plugin:Carousel Slider
Plugin Slug:carousel-slider
Installations40,000+
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:2.2.11
Severity Score:Medium
CVE:2024-4372
Ditty – Responsive News Tickers, Sliders, and Lists
Plugin Slug:ditty-news-ticker
Installations40,000+
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:3.1.36
Severity Score:Medium
CVE:2024-3939
Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel – Combo Blocks
Plugin:Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel – Combo Blocks
Plugin Slug:post-grid
Installations40,000+
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:2.2.81
Severity Score:Medium
CVE:2024-3155
FV Flowplayer Video Player
Plugin:FV Flowplayer Video Player
Plugin Slug:fv-wordpress-flowplayer
Installations20,000+
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:7.5.46.7212
Severity Score:High
CVE:2024-35631
Reviews and Rating – Google Reviews
Plugin Slug:g-business-reviews-rating
Installations20,000+
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:5.3
Severity Score:Medium
CVE:2024-5218
Logo Slider – Logo Carousel, Logo Showcase & Client Logo Slider WordPress Plugin
Plugin Slug:logo-slider-wp
Installations20,000+
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:4.0.0
Severity Score:Medium
CVE:2024-3288
ND Shortcodes
Plugin:ND Shortcodes
Plugin Slug:nd-shortcodes
Installations20,000+
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:7.6
Severity Score:Medium
CVE:2024-5220
WP DSGVO Tools (GDPR)
Plugin:WP DSGVO Tools (GDPR)
Plugin Slug:shapepress-dsgvo
Installations20,000+
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:3.1.33
Severity Score:Medium
CVE:2024-3201
ShareThis Share Buttons
Plugin:ShareThis Share Buttons
Plugin Slug:sharethis-share-buttons
Installations20,000+
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:2.3.1
Severity Score:Medium
CVE:2024-3648
WPZOOM Addons for Elementor (Templates, Widgets)
Plugin Slug:wpzoom-elementor-addons
Installations20,000+
Vulnerability:Local File Inclusion
Patched in Version:1.1.38
Severity Score:Critical
CVE:2024-5147
BookingPress – Appointment Booking Calendar Plugin and Online Scheduling Plugin
Plugin Slug:bookingpress-appointment-booking
Installations10,000+
Vulnerability:Broken Access Control
Patched in Version:1.0.83
Severity Score:Medium
CVE:2024-34799
Business Directory Plugin – Easy Listing Directories for WordPress
Plugin Slug:business-directory-plugin
Installations10,000+
Vulnerability:SQL Injection
Patched in Version:6.4.3
Severity Score:Critical
CVE:2024-4443
LA-Studio Element Kit for Elementor
Plugin Slug:lastudio-element-kit
Installations10,000+
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:1.3.8
Severity Score:Medium
CVE:2024-4431
WP Photo Album Plus
Plugin:WP Photo Album Plus
Plugin Slug:wp-photo-album-plus
Installations10,000+
Vulnerability:Content Injection
Patched in Version:8.7.00.004
Severity Score:Medium
CVE:2024-4037
WP TripAdvisor Review Slider
Plugin:WP TripAdvisor Review Slider
Plugin Slug:wp-tripadvisor-review-slider
Installations10,000+
Vulnerability:SQL Injection
Patched in Version:12.7
Severity Score:High
CVE:2024-35630
WordPress + Microsoft Office 365 / Azure AD | LOGIN
Plugin Slug:wpo365-login
Installations10,000+
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:28.0
Severity Score:Medium
CVE:2024-4706
140+ Widgets | Best Addons For Elementor – FREE
Plugin Slug:xpro-elementor-addons
Installations10,000+
Vulnerability:PHP Object Injection
Patched in Version:1.4.3.2
Severity Score:High
CVE:2024-4471
Videojs HTML5 Player
Plugin:Videojs HTML5 Player
Plugin Slug:videojs-html5-player
Installations9,000+
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:1.1.12
Severity Score:Medium
CVE:2024-5205
Awesome Contact Form7 for Elementor
Plugin Slug:awesome-contact-form7-for-elementor
Installations8,000+
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:3.0
Severity Score:Medium
CVE:2024-4486
Primary Addon for Elementor
Plugin:Primary Addon for Elementor
Plugin Slug:primary-addon-for-elementor
Installations8,000+
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:1.5.6
Severity Score:Medium
CVE:2024-5229
Hash Elements
Plugin:Hash Elements
Plugin Slug:hash-elements
Installations7,000+
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:1.3.9
Severity Score:Medium
CVE:2024-5177
Survey Maker – Best WordPress Survey Plugin
Plugin Slug:survey-maker
Installations6,000+
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:4.2.9
Severity Score:Medium
CVE:2024-4061
Testimonial Carousel For Elementor
Plugin Slug:testimonials-carousel-elementor
Installations6,000+
Vulnerability:Broken Access Control
Patched in Version:10.2.1
Severity Score:Medium
CVE:2024-4858
WPCafe – Online Food Ordering, Restaurant Menu, Delivery, and Reservations for WooCommerce
Plugin Slug:wp-cafe
Installations6,000+
Vulnerability:Server Side Request Forgery (SSRF)
Patched in Version:2.2.24
Severity Score:High
CVE:2024-1855
WPKoi Templates for Elementor
Plugin Slug:wpkoi-templates-for-elementor
Installations6,000+
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:2.5.11
Severity Score:Medium
CVE:2024-4980
AI ChatBot for WordPress – WPBot
Plugin Slug:chatbot
Installations5,000+
Vulnerability:Broken Access Control
Patched in Version:5.3.6
Severity Score:Medium
CVE:2024-0452
WP Ultimate Post Grid
Plugin:WP Ultimate Post Grid
Plugin Slug:wp-ultimate-post-grid
Installations5,000+
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:3.9.2
Severity Score:Medium
CVE:2024-4043
PopupAlly
Plugin:PopupAlly
Plugin Slug:popupally
Installations4,000+
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:2.1.2
Severity Score:Medium
CVE:2024-34796
Move Addons for Elementor
Plugin:Move Addons for Elementor
Plugin Slug:move-addons
Installations3,000+
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:1.3.2
Severity Score:Medium
CVE:2024-4695
YouTube Video Gallery by YouTube Showcase – Video Gallery Plugin for WordPress
Plugin Slug:youtube-showcase
Installations3,000+
Vulnerability:Broken Access Control
Patched in Version:3.4.0
Severity Score:Medium
CVE:2024-3268
Debug Log – Manger Tool
Plugin:Debug Log – Manger Tool
Plugin Slug:debug-log-config-tool
Installations2,000+
Vulnerability:Sensitive Data Exposure
Patched in Version:1.5
Severity Score:Medium
CVE:2024-34798
LottieFiles – JSON Based Animation Lottie & Bodymovin for Elementor
Plugin Slug:include-lottie-animation-for-elementor
Installations2,000+
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:1.10.10
Severity Score:Medium
CVE:2024-5060
Event post
Plugin:Event post
Plugin Slug:event-post
Installations1,000+
Vulnerability:Broken Access Control
Patched in Version:5.9.5
Severity Score:Medium
CVE:2024-1376
Fastly
Plugin:Fastly
Plugin Slug:fastly
Installations1,000+
Vulnerability:Broken Access Control
Patched in Version:1.2.26
Severity Score:Medium
CVE:2024-34803
Hash Form – Drag & Drop Form Builder
Plugin Slug:hash-form
Installations1,000+
Vulnerability:PHP Object Injection
Patched in Version:1.1.1
Severity Score:Medium
CVE:2024-5085
Hash Form – Drag & Drop Form Builder
Plugin Slug:hash-form
Installations1,000+
Vulnerability:Remote Code Execution (RCE)
Patched in Version:1.1.1
Severity Score:Critical
CVE:2024-5084
Tainacan
Plugin:Tainacan
Plugin Slug:tainacan
Installations1,000+
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:0.21.4
Severity Score:Medium
CVE:2024-34795
Tainacan
Plugin:Tainacan
Plugin Slug:tainacan
Installations1,000+
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:0.21.4
Severity Score:High
CVE:2024-34794
Web Directory Free
Plugin:Web Directory Free
Plugin Slug:web-directory-free
Installations600+
Vulnerability:SQL Injection
Patched in Version:1.7.0
Severity Score:Critical
CVE:2024-3552
WP-ViperGB
Plugin:WP-ViperGB
Plugin Slug:wp-vipergb
Installations600+
Vulnerability:Cross Site Request Forgery (CSRF)
Patched in Version:1.6.2
Severity Score:Medium
CVE:2024-4409
Atarim
Plugin:Atarim
Plugin Slug:atarim-visual-collaboration
Vulnerability:Other Vulnerability Type
Patched in Version:3.30
Severity Score:High
CVE:2024-2038
Country State City Dropdown CF7
Plugin:Country State City Dropdown CF7
Plugin Slug:country-state-city-auto-dropdown
Vulnerability:SQL Injection
Patched in Version:2.7.3
Severity Score:Critical
CVE:2024-3495
ElementsKit Pro
Plugin:ElementsKit Pro
Plugin Slug:elementskit
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:3.6.2
Severity Score:Medium
CVE:2024-4452
layerSlider
Plugin:LayerSlider
Plugin Slug:layerslider
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:7.11.1
Severity Score:Medium
CVE:2024-4575
Contact Form & Lead Form Elementor Builder
Plugin:Contact Form & Lead Form Elementor Builder
Plugin Slug:lead-form-builder
Vulnerability:Content Injection
Patched in Version:1.9.2
Severity Score:Medium
CVE:2024-4261
Memberpress
Plugin:Memberpress
Plugin Slug:memberpress
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:1.11.30
Severity Score:Medium
CVE:2024-5025
Memberpress
Plugin:Memberpress
Plugin Slug:memberpress
Vulnerability:Server Side Request Forgery (SSRF)
Patched in Version:1.11.30
Severity Score:Medium
CVE:2024-5031
Pie Register (Add on) – Social Sites Login
Plugin:Pie Register (Add on) – Social Sites Login
Plugin Slug:pie-register-social-site
Vulnerability:Broken Authentication
Patched in Version:1.7.8
Severity Score:Critical
CVE:2024-4544
NextScripts
Plugin:NextScripts
Plugin Slug:social-networks-auto-poster-facebook-twitter-g
Vulnerability:Sensitive Data Exposure
Patched in Version:4.4.4
Severity Score:High
CVE:2024-2088
NextScripts
Plugin:NextScripts
Plugin Slug:social-networks-auto-poster-facebook-twitter-g
Vulnerability:Cross Site Request Forgery (CSRF)
Patched in Version:4.4.4
Severity Score:Medium
CVE:2024-1446
NextScripts
Plugin:NextScripts
Plugin Slug:social-networks-auto-poster-facebook-twitter-g
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:4.4.4
Severity Score:High
CVE:2024-1762
Uber Menu
Plugin:Uber Menu
Plugin Slug:ubermenu
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:3.8.3
Severity Score:Medium
CVE:2024-4710
Userpro
Plugin:Userpro
Plugin Slug:userpro
Vulnerability:Privilege Escalation
Patched in Version:5.1.9
Severity Score:Critical
CVE:2024-35700