In diesem Bericht wurden 153 Schwachstellen öffentlich bekannt gegeben. Sicherheitsupdates für 119 dieser Plugins und Themes sind jetzt verfügbar, daher sollten diese Updates so schnell wie möglich durchgeführt werden. Wenn Sie ein Solid Security Pro-Benutzer sind, hat das Versionsverwaltungstool Sie möglicherweise bereits gewarnt und diese Plugins je nach Ihren Einstellungen aktualisiert.
Darüber hinaus gibt es 34 Plugins und Themes mit Schwachstellen, für die noch kein Patch verfügbar ist. Wenn Sie ein Solid Security Pro-Benutzer sind, sind diese Schwachstellen bereits durch die Solid Security-Firewall geschützt. Virtuelle Patches von Patchstack werden angewendet, wenn eine Schwachstelle als hohes oder mittleres Risiko eingestuft wird. Wenn kein Patch vom Anbieter bereitgestellt wird oder die anfällige Software als „geschlossen“ markiert und aus den offiziellen WordPress-Repositories entfernt wurde, sollten Sie diese bald deaktivieren und nach alternativen Lösungen suchen.
252.
Calendarista Basic Edition
Plugin:
Plugin Slug:
calendarista-basic-edition
Installations:
Broken Access Control
Vulnerability:
3.0.6
Patched in Version:
Medium
Severity Score:
2024-30534
CVE:
- The vulnerability has been patched, so you should update to version 3.0.6.
251.
WP ERP
Plugin:
Plugin Slug:
erp
Installations:
SQL Injection
Vulnerability:
1.30.0
Patched in Version:
High
Severity Score:
2024-0952
CVE:
- The vulnerability has been patched, so you should update to version 1.30.0.
250.
LayerSlider
Plugin:
Plugin Slug:
layerslider
Installations:
SQL Injection
Vulnerability:
7.10.1
Patched in Version:
Critical
Severity Score:
2024-2879
CVE:
- The vulnerability has been patched, so you should update to version 7.10.1.
249.
Limit Attempts by BestWebSoft
Plugin:
Plugin Slug:
limit-attempts
Installations:
Cross Site Scripting (XSS)
Vulnerability:
1.3.0
Patched in Version:
High
Severity Score:
2024-30439
CVE:
- The vulnerability has been patched, so you should update to version 1.3.0.
248.
REHub Framework
Plugin:
Plugin Slug:
rehub-framework
Installations:
SQL Injection
Vulnerability:
19.6.2
Patched in Version:
High
Severity Score:
2024-31234
CVE:
- The vulnerability has been patched, so you should update to version 19.6.2.
247.
Slider by Supsystic
Plugin:
Plugin Slug:
slider-by-supsystic
Installations:
Cross Site Scripting (XSS)
Vulnerability:
1.8.11
Patched in Version:
Medium
Severity Score:
2024-30448
CVE:
- The vulnerability has been patched, so you should update to version 1.8.11.
246.
Wholesale For WooCommerce
Plugin:
Plugin Slug:
woocommerce-wholesale-pricing
Installations:
Sensitive Data Exposure
Vulnerability:
2.3.1
Patched in Version:
Medium
Severity Score:
2024-30469
CVE:
- The vulnerability has been patched, so you should update to version 2.3.1.
245.
WP Cost Estimation & Payment Forms Builder
Plugin Slug:
wp-estimation-form
Installations:
SQL Injection
Vulnerability:
10.1.76
Patched in Version:
High
Severity Score:
2024-30489
CVE:
- The vulnerability has been patched, so you should update to version 10.1.76.
244.
YITH WooCommerce Account Funds Premium
Plugin Slug:
yith-woocommerce-account-funds-premium
Installations:
Broken Access Control
Vulnerability:
1.34.0
Patched in Version:
Medium
Severity Score:
2024-30470
CVE:
- The vulnerability has been patched, so you should update to version 1.34.0.
243.
Creative Image Slider – Responsive Slider Plugin
Plugin Slug:
creative-image-slider
Installations:
500+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
2.5.0
Severity Score:
High
CVE:
2024-30447
- The vulnerability has been patched, so you should update to version 2.5.0.
242.
DELUCKS SEO
Plugin:
Plugin Slug:
delucks-seo
Installations:
600+
Vulnerability:
Broken Access Control
Patched in Version:
2.5.5
Severity Score:
Medium
CVE:
2024-30538
- The vulnerability has been patched, so you should update to version 2.5.5.
241.
MDTF – Meta Data and Taxonomies Filter
Plugin Slug:
wp-meta-data-filter-and-taxonomy-filter
Installations:
1,000+
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
1.3.3.2
Severity Score:
Medium
CVE:
2024-30457
- The vulnerability has been patched, so you should update to version 1.3.3.2.
240.
WordPress CRM Plugin – WP-CRM System
Plugin Slug:
wp-crm-system
Installations:
1,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
3.2.9.1
Severity Score:
Medium
CVE:
2024-30434
- The vulnerability has been patched, so you should update to version 3.2.9.1.
239.
Sharkdropship Dropshipping & Affiliate for for AliExpress
Plugin Slug:
wooshark-aliexpress-importer
Installations:
1,000+
Vulnerability:
Broken Access Control
Patched in Version:
2.2.5
Severity Score:
Medium
CVE:
2024-1732
- The vulnerability has been patched, so you should update to version 2.2.5.
238.
WholesaleX – WooCommerce Wholesale Plugin (Wholesale Prices, Dynamic Pricing, Tiered Pricing)
Plugin:
Plugin Slug:
wholesalex
Installations:
1,000+
Vulnerability:
Privilege Escalation
Patched in Version:
1.3.3
Severity Score:
Critical
CVE:
2024-30542
- The vulnerability has been patched, so you should update to version 1.3.3.
237.
Webinar and Video Conference with Jitsi Meet – Create Branded Webinars for WordPress, Meetings & Livestreaming
Plugin Slug:
webinar-and-video-conference-with-jitsi-meet
Installations:
1,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
2.6.4
Severity Score:
Medium
CVE:
2024-30437
- The vulnerability has been patched, so you should update to version 2.6.4.
236.
Tumult Hype Animations
Plugin:
Plugin Slug:
tumult-hype-animations
Installations:
1,000+
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
1.9.12
Severity Score:
Medium
CVE:
2024-30460
- The vulnerability has been patched, so you should update to version 1.9.12.
235.
Tumult Hype Animations
Plugin:
Plugin Slug:
tumult-hype-animations
Installations:
1,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
1.9.12
Severity Score:
High
CVE:
2024-30461
- The vulnerability has been patched, so you should update to version 1.9.12.
234.
Tainacan
Plugin:
Plugin Slug:
tainacan
Installations:
1,000+
Vulnerability:
Broken Access Control
Patched in Version:
0.20.8
Severity Score:
Medium
CVE:
2024-30529
- The vulnerability has been patched, so you should update to version 0.20.8.
233.
OpenStreetMap for Gutenberg and WPBakery Page Builder (formerly Visual Composer)
Plugin Slug:
stepbyteservice-openstreetmap
Installations:
1,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
1.1.2
Severity Score:
Medium
CVE:
2024-30450
- The vulnerability has been patched, so you should update to version 1.1.2.
232.
Print Page block – Print the entire page or Section.
Plugin Slug:
print-page
Installations:
1,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
1.0.9
Severity Score:
Medium
CVE:
2024-30438
- The vulnerability has been patched, so you should update to version 1.0.9.
231.
Paid Memberships Pro – Payfast Gateway Add On
Plugin Slug:
pmpro-payfast
Installations:
1,000+
Vulnerability:
Sensitive Data Exposure
Patched in Version:
1.4.2
Severity Score:
Medium
CVE:
2024-30514
- The vulnerability has been patched, so you should update to version 1.4.2.
230.
OSS Aliyun
Plugin:
Plugin Slug:
oss-aliyun
Installations:
1,000+
Vulnerability:
SQL Injection
Patched in Version:
1.4.11
Severity Score:
High
CVE:
2024-30494
- The vulnerability has been patched, so you should update to version 1.4.11.
229.
Web Icons
Plugin:
Plugin Slug:
icon
Installations:
1,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
1.0.0.11
Severity Score:
Medium
CVE:
2024-30445
- The vulnerability has been patched, so you should update to version 1.0.0.11.
228.
A WordPress Testimonial Plugin to Showcase Testimonial Slider, Testimonial Grid and More: Solid Testimonials
Plugin Slug:
gs-testimonial
Installations:
1,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
3.1.5
Severity Score:
Medium
CVE:
2024-30443
- The vulnerability has been patched, so you should update to version 3.1.5.
227.
FG PrestaShop to WooCommerce
Plugin:
Plugin Slug:
fg-prestashop-to-woocommerce
Installations:
1,000+
Vulnerability:
Sensitive Data Exposure
Patched in Version:
4.47.0
Severity Score:
Medium
CVE:
2024-30511
- The vulnerability has been patched, so you should update to version 4.47.0.
226.
Falang multilanguage for WordPress
Plugin Slug:
falang
Installations:
1,000+
Vulnerability:
SQL Injection
Patched in Version:
1.3.48
Severity Score:
High
CVE:
2024-30495
- The vulnerability has been patched, so you should update to version 1.3.48.
225.
Easy Form Builder
Plugin:
Plugin Slug:
easy-form-builder
Installations:
1,000+
Vulnerability:
SQL Injection
Patched in Version:
3.7.5
Severity Score:
High
CVE:
2024-30535
- The vulnerability has been patched, so you should update to version 3.7.5.
224.
WPCS – WordPress Currency Switcher Professional
Plugin Slug:
currency-switcher
Installations:
1,000+
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
1.2.0.2
Severity Score:
Medium
CVE:
2024-30456
- The vulnerability has been patched, so you should update to version 1.2.0.2.
223.
Creative Addons for Elementor
Plugin:
Plugin Slug:
creative-addons-for-elementor
Installations:
1,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
1.6.0
Severity Score:
Medium
CVE:
2024-2924
- The vulnerability has been patched, so you should update to version 1.6.0.
222.
Photos and Files Contest Gallery – Contact Form, Upload Form, Social Share and Voting Competition Plugin for WordPress
Plugin Slug:
contest-gallery
Installations:
1,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
21.3.6
Severity Score:
High
CVE:
2024-30428
- The vulnerability has been patched, so you should update to version 21.3.6.
221.
Church Admin
Plugin:
Plugin Slug:
church-admin
Installations:
1,000+
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
4.1.8
Severity Score:
Medium
CVE:
2024-30493
- The vulnerability has been patched, so you should update to version 4.1.8.
220.
Church Admin
Plugin:
Plugin Slug:
church-admin
Installations:
1,000+
Vulnerability:
Broken Access Control
Patched in Version:
4.1.19
Severity Score:
Medium
CVE:
2024-30505
- The vulnerability has been patched, so you should update to version 4.1.19.
219.
Geo Controller
Plugin:
Plugin Slug:
cf-geoplugin
Installations:
1,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
8.6.5
Severity Score:
Medium
CVE:
2024-30451
- The vulnerability has been patched, so you should update to version 8.6.5.
218.
Announcement & Notification Banner – Bulletin
Plugin Slug:
bulletin-announcements
Installations:
1,000+
Vulnerability:
SQL Injection
Patched in Version:
3.9.0
Severity Score:
High
CVE:
2024-30478
- The vulnerability has been patched, so you should update to version 3.9.0.
217.
AI WP Writer – ?????????????? ????? ChatGPT 3.5, GPT 4 ? ????????????? ?????? ??????????
Plugin Slug:
ai-wp-writer
Installations:
1,000+
Vulnerability:
Broken Access Control
Patched in Version:
3.6.5.6
Severity Score:
Medium
CVE:
2024-30459
- The vulnerability has been patched, so you should update to version 3.6.5.6.
216.
Zotpress
Plugin:
Plugin Slug:
zotpress
Installations:
2,000+
Vulnerability:
SQL Injection
Patched in Version:
7.3.8
Severity Score:
High
CVE:
2024-30488
- The vulnerability has been patched, so you should update to version 7.3.8.
215.
WordPress Page Builder – Zion Builder
Plugin Slug:
zionbuilder
Installations:
2,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
3.6.10
Severity Score:
Medium
CVE:
2024-30444
- The vulnerability has been patched, so you should update to version 3.6.10.
214.
WPC Badge Management for WooCommerce
Plugin Slug:
wpc-badge-management
Installations:
2,000+
Vulnerability:
Broken Access Control
Patched in Version:
2.4.1
Severity Score:
Medium
CVE:
2024-30537
- The vulnerability has been patched, so you should update to version 2.4.1.
213.
WP Express Checkout (Accept PayPal Payments Easily)
Plugin Slug:
wp-express-checkout
Installations:
2,000+
Vulnerability:
Other Vulnerability Type
Patched in Version:
2.3.8
Severity Score:
High
CVE:
2024-30527
- The vulnerability has been patched, so you should update to version 2.3.8.
212.
RT Easy Builder – Advanced addons for Elementor
Plugin Slug:
rt-easy-builder-advanced-addons-for-elementor
Installations:
2,000+
Vulnerability:
Broken Access Control
Patched in Version:
2.1
Severity Score:
Medium
CVE:
2024-30484
- The vulnerability has been patched, so you should update to version 2.1.
211.
WP Responsive Tabs horizontal vertical and accordion Tabs
Plugin Slug:
responsive-horizontal-vertical-and-accordion-tabs
Installations:
2,000+
Vulnerability:
SQL Injection
Patched in Version:
1.1.18
Severity Score:
High
CVE:
2024-30497
- The vulnerability has been patched, so you should update to version 1.1.18.
210.
Layouts for Elementor
Plugin:
Plugin Slug:
layouts-for-elementor
Installations:
2,000+
Vulnerability:
Arbitrary File Upload
Patched in Version:
1.8
Severity Score:
High
CVE:
2024-30533
- The vulnerability has been patched, so you should update to version 1.8.
209.
CRM Perks Forms – WordPress Form Builder
Plugin Slug:
crm-perks-forms
Installations:
2,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
1.1.5
Severity Score:
Medium
CVE:
2024-30446
- The vulnerability has been patched, so you should update to version 1.1.5.
208.
CRM Perks Forms – WordPress Form Builder
Plugin Slug:
crm-perks-forms
Installations:
2,000+
Vulnerability:
SQL Injection
Patched in Version:
1.1.5
Severity Score:
Critical
CVE:
2024-30498
- The vulnerability has been patched, so you should update to version 1.1.5.
207.
CRM Perks Forms – WordPress Form Builder
Plugin Slug:
crm-perks-forms
Installations:
2,000+
Vulnerability:
SQL Injection
Patched in Version:
1.1.5
Severity Score:
High
CVE:
2024-30499
- The vulnerability has been patched, so you should update to version 1.1.5.
206.
Product Sort and Display for WooCommerce
Plugin Slug:
woocommerce-product-sort-and-display
Installations:
3,000+
Vulnerability:
Broken Access Control
Patched in Version:
2.4.2
Severity Score:
Medium
CVE:
2024-1807
- The vulnerability has been patched, so you should update to version 2.4.2.
205.
Themify Event Post
Plugin:
Plugin Slug:
themify-event-post
Installations:
3,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
1.2.8
Severity Score:
Medium
CVE:
2024-30440
- The vulnerability has been patched, so you should update to version 1.2.8.
204.
Spiffy Calendar
Plugin:
Plugin Slug:
spiffy-calendar
Installations:
3,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
4.9.10
Severity Score:
Medium
CVE:
2024-30427
- The vulnerability has been patched, so you should update to version 4.9.10.
203.
Spiffy Calendar
Plugin:
Plugin Slug:
spiffy-calendar
Installations:
3,000+
Vulnerability:
Broken Access Control
Patched in Version:
4.9.11
Severity Score:
Medium
CVE:
2024-30528
- The vulnerability has been patched, so you should update to version 4.9.11.
202.
Move Addons for Elementor
Plugin:
Plugin Slug:
move-addons
Installations:
3,000+
Vulnerability:
Broken Access Control
Patched in Version:
1.3.0
Severity Score:
Medium
CVE:
2024-30525
- The vulnerability has been patched, so you should update to version 1.3.0.
201.
Landingi Landing Pages
Plugin:
Plugin Slug:
landingi-landing-pages
Installations:
3,000+
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
3.1.2
Severity Score:
Medium
CVE:
2024-30521
- The vulnerability has been patched, so you should update to version 3.1.2.
200.
CubeWP – All-in-One Dynamic Content Framework
Plugin Slug:
cubewp-framework
Installations:
3,000+
Vulnerability:
Arbitrary File Upload
Patched in Version:
1.1.13
Severity Score:
Critical
CVE:
2024-30500
- The vulnerability has been patched, so you should update to version 1.1.13.
199.
Builderall Builder for WordPress
Plugin:
Plugin Slug:
builderall-cheetah-for-wp
Installations:
3,000+
Vulnerability:
Server Side Request Forgery (SSRF)
Patched in Version:
2.0.2
Severity Score:
Medium
CVE:
2024-30532
- The vulnerability has been patched, so you should update to version 2.0.2.
198.
Custom WooCommerce Checkout Fields Editor
Plugin Slug:
add-fields-to-checkout-page-woocommerce
Installations:
3,000+
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
1.3.1
Severity Score:
Medium
CVE:
2024-30518
- The vulnerability has been patched, so you should update to version 1.3.1.
197.
Slugs Manager: Delete Old Permalinks from WordPress Database
Plugin Slug:
remove-old-slugspermalinks
Installations:
4,000+
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
2.7.0
Severity Score:
Medium
CVE:
2024-30536
- The vulnerability has been patched, so you should update to version 2.7.0.
196.
B Slider – Slider for your block editor
Plugin Slug:
b-slider
Installations:
4,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
1.1.13
Severity Score:
Medium
CVE:
2024-30432
- The vulnerability has been patched, so you should update to version 1.1.13.
195.
Paid Memberships Pro – Mailchimp Add On
Plugin Slug:
pmpro-mailchimp
Installations:
5,000+
Vulnerability:
Sensitive Data Exposure
Patched in Version:
2.3.5
Severity Score:
Medium
CVE:
2024-30523
- The vulnerability has been patched, so you should update to version 2.3.5.
194.
Booking Activities
Plugin:
Plugin Slug:
booking-activities
Installations:
5,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
1.15.20
Severity Score:
High
CVE:
2024-30449
- The vulnerability has been patched, so you should update to version 1.15.20.
193.
Beaver Builder Addons by WPZOOM
Plugin:
Plugin Slug:
wpzoom-addons-for-beaver-builder
Installations:
6,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
1.3.5
Severity Score:
Medium
CVE:
2024-30424
- The vulnerability has been patched, so you should update to version 1.3.5.
192.
Sliced Invoices – WordPress Invoice Plugin
Plugin Slug:
sliced-invoices
Installations:
6,000+
Vulnerability:
Broken Access Control
Patched in Version:
3.9.3
Severity Score:
Medium
CVE:
2024-30517
- The vulnerability has been patched, so you should update to version 3.9.3.
191.
Salon booking system
Plugin:
Plugin Slug:
salon-booking-system
Installations:
6,000+
Vulnerability:
Arbitrary File Upload
Patched in Version:
9.5.1
Severity Score:
Critical
CVE:
2024-30510
- The vulnerability has been patched, so you should update to version 9.5.1.
190.
Nelio Content – Best Editorial Calendar & Social Media Scheduling
Plugin Slug:
nelio-content
Installations:
6,000+
Vulnerability:
Server Side Request Forgery (SSRF)
Patched in Version:
3.2.1
Severity Score:
Medium
CVE:
2024-30531
- The vulnerability has been patched, so you should update to version 3.2.1.
189.
JCH Optimize
Plugin:
Plugin Slug:
jch-optimize
Installations:
6,000+
Vulnerability:
Broken Access Control
Patched in Version:
4.0.1
Severity Score:
Medium
CVE:
2024-30481
- The vulnerability has been patched, so you should update to version 4.0.1.
188.
MultiVendorX Marketplace – WooCommerce MultiVendor Marketplace Solution
Plugin Slug:
dc-woocommerce-multi-vendor
Installations:
6,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
4.1.4
Severity Score:
Medium
CVE:
2024-30433
- The vulnerability has been patched, so you should update to version 4.1.4.
187.
Better Elementor Addons
Plugin:
Plugin Slug:
better-elementor-addons
Installations:
6,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
1.3.8
Severity Score:
Medium
CVE:
2024-30423
- The vulnerability has been patched, so you should update to version 1.3.8.
186.
Announce from the Dashboard
Plugin:
Plugin Slug:
announce-from-the-dashboard
Installations:
6,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
1.5.3
Severity Score:
Medium
CVE:
2024-3030
- The vulnerability has been patched, so you should update to version 1.5.3.
185.
wp-forecast
Plugin:
Plugin Slug:
wp-forecast
Installations:
7,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
9.3
Severity Score:
Medium
CVE:
2024-30429
- The vulnerability has been patched, so you should update to version 9.3.
184.
The Plus Blocks for Block Editor | Gutenberg
Plugin Slug:
the-plus-addons-for-block-editor
Installations:
7,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
3.2.6
Severity Score:
High
CVE:
2024-30435
- The vulnerability has been patched, so you should update to version 3.2.6.
183.
ProfileGrid – User Profiles, Memberships, Groups and Communities
Plugin Slug:
profilegrid-user-profiles-groups-and-communities
Installations:
7,000+
Vulnerability:
SQL Injection
Patched in Version:
5.7.9
Severity Score:
Critical
CVE:
2024-30490
- The vulnerability has been patched, so you should update to version 5.7.9.
182.
ProfileGrid – User Profiles, Memberships, Groups and Communities
Plugin Slug:
profilegrid-user-profiles-groups-and-communities
Installations:
7,000+
Vulnerability:
SQL Injection
Patched in Version:
5.7.9
Severity Score:
High
CVE:
2024-30491
- The vulnerability has been patched, so you should update to version 5.7.9.
181.
ProfileGrid – User Profiles, Memberships, Groups and Communities
Plugin Slug:
profilegrid-user-profiles-groups-and-communities
Installations:
7,000+
Vulnerability:
Insecure Direct Object References (IDOR)
Patched in Version:
5.7.3
Severity Score:
Medium
CVE:
2024-30513
- The vulnerability has been patched, so you should update to version 5.7.3.
180.
Hash Elements
Plugin:
Plugin Slug:
hash-elements
Installations:
7,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
1.3.4
Severity Score:
Medium
CVE:
2024-30426
- The vulnerability has been patched, so you should update to version 1.3.4.
179.
Finale Lite – Sales Countdown Timer & Discount for WooCommerce
Plugin Slug:
finale-woocommerce-sales-countdown-timer-discount
Installations:
7,000+
Vulnerability:
Remote Code Execution (RCE)
Patched in Version:
2.18.1
Severity Score:
High
CVE:
2024-30485
- The vulnerability has been patched, so you should update to version 2.18.1.
178.
Collect.chat – Chatbot ??
Plugin:
Plugin Slug:
collectchat
Installations:
8,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
2.4.2
Severity Score:
Medium
CVE:
2024-30436
- The vulnerability has been patched, so you should update to version 2.4.2.
177.
WP SMS – Messaging & SMS Notification for WordPress, WooCommerce, GravityForms, etc
Plugin Slug:
wp-sms
Installations:
9,000+
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
6.6.3
Severity Score:
Medium
CVE:
2024-30454
- The vulnerability has been patched, so you should update to version 6.6.3.
176.
WP Hotel Booking
Plugin:
Plugin Slug:
wp-hotel-booking
Installations:
9,000+
Vulnerability:
Broken Access Control
Patched in Version:
2.0.9.3
Severity Score:
Medium
CVE:
2024-30508
- The vulnerability has been patched, so you should update to version 2.0.9.3.
175.
Media Library Folders
Plugin:
Plugin Slug:
media-library-plus
Installations:
9,000+
Vulnerability:
SQL Injection
Patched in Version:
8.1.8
Severity Score:
High
CVE:
2024-30486
- The vulnerability has been patched, so you should update to version 8.1.8.
174.
140+ Widgets | Best Addons For Elementor – FREE
Plugin Slug:
xpro-elementor-addons
Installations:
10,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
1.4.3
Severity Score:
Medium
CVE:
2024-2250
- The vulnerability has been patched, so you should update to version 1.4.3.
173.
WP Travel Engine – Best Travel Booking WordPress Plugin
Plugin Slug:
wp-travel-engine
Installations:
10,000+
Vulnerability:
SQL Injection
Patched in Version:
5.8.0
Severity Score:
Critical
CVE:
2024-30502
- The vulnerability has been patched, so you should update to version 5.8.0.
172.
WP Travel Engine – Best Travel Booking WordPress Plugin
Plugin Slug:
wp-travel-engine
Installations:
10,000+
Vulnerability:
SQL Injection
Patched in Version:
5.8.0
Severity Score:
High
CVE:
2024-30504
- The vulnerability has been patched, so you should update to version 5.8.0.
171.
VS Contact Form
Plugin:
Plugin Slug:
very-simple-contact-form
Installations:
10,000+
Vulnerability:
Bypass Vulnerability
Patched in Version:
14.8
Severity Score:
Medium
CVE:
2024-30540
- The vulnerability has been patched, so you should update to version 14.8.
170.
Simple Revisions Delete
Plugin:
Plugin Slug:
simple-revisions-delete
Installations:
10,000+
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
1.5.4
Severity Score:
Medium
CVE:
2024-30482
- The vulnerability has been patched, so you should update to version 1.5.4.
169.
SellKit – Funnel builder and checkout optimizer for WooCommerce to sell more, faster
Plugin Slug:
sellkit
Installations:
10,000+
Vulnerability:
Arbitrary File Download
Patched in Version:
1.8.3
Severity Score:
Medium
CVE:
2024-30509
- The vulnerability has been patched, so you should update to version 1.8.3.
168.
Landing Page Builder – Coming Soon page, Maintenance Mode, Lead Page, WordPress Landing Pages
Plugin:
Plugin Slug:
page-builder-add
Installations:
10,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
1.5.1.8
Severity Score:
Medium
CVE:
2024-30452
- The vulnerability has been patched, so you should update to version 1.5.1.8.
167.
Author Box, Guest Author and Co-Authors for Your Posts – Molongui
Plugin Slug:
molongui-authorship
Installations:
10,000+
Vulnerability:
Insecure Direct Object References (IDOR)
Patched in Version:
4.7.8
Severity Score:
Low
CVE:
2024-30507
- The vulnerability has been patched, so you should update to version 4.7.8.
166.
MasterStudy LMS WordPress Plugin – for Online Courses and Education
Plugin Slug:
masterstudy-lms-learning-management-system
Installations:
10,000+
Vulnerability:
Local File Inclusion
Patched in Version:
3.3.1
Severity Score:
Critical
CVE:
2024-2411
- The vulnerability has been patched, so you should update to version 3.3.1.
165.
MasterStudy LMS WordPress Plugin – for Online Courses and Education
Plugin Slug:
masterstudy-lms-learning-management-system
Installations:
10,000+
Vulnerability:
Privilege Escalation
Patched in Version:
3.3.2
Severity Score:
Critical
CVE:
2024-2409
- The vulnerability has been patched, so you should update to version 3.3.2.
164.
Mang Board WP
Plugin:
Plugin Slug:
mangboard
Installations:
10,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
1.8.1
Severity Score:
High
CVE:
2024-30431
- The vulnerability has been patched, so you should update to version 1.8.1.
163.
Mailster WordPress Newsletter Plugin Compatibility Tester
Plugin Slug:
mailster
Installations:
10,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
4.0.7
Severity Score:
High
CVE:
2024-30503
- The vulnerability has been patched, so you should update to version 4.0.7.
162.
LWS Optimize
Plugin:
Plugin Slug:
lws-optimize
Installations:
10,000+
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
2
Severity Score:
Medium
CVE:
2024-30541
- The vulnerability has been patched, so you should update to version 2.0.
161.
GamiPress – The #1 gamification plugin to reward points, achievements, badges & ranks in WordPress
Plugin:
Plugin Slug:
gamipress
Installations:
10,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
6.9.1
Severity Score:
Medium
CVE:
2024-2783
- The vulnerability has been patched, so you should update to version 6.9.1.
160.
GamiPress – The #1 gamification plugin to reward points, achievements, badges & ranks in WordPress
Plugin:
Plugin Slug:
gamipress
Installations:
10,000+
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
6.8.6
Severity Score:
Medium
CVE:
2024-30455
- The vulnerability has been patched, so you should update to version 6.8.6.
159.
Favorites
Plugin:
Plugin Slug:
favorites
Installations:
10,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
2.3.4
Severity Score:
Medium
CVE:
2024-2948
- The vulnerability has been patched, so you should update to version 2.3.4.
158.
Booking Package
Plugin:
Plugin Slug:
booking-package
Installations:
10,000+
Vulnerability:
Other Vulnerability Type
Patched in Version:
1.6.29
Severity Score:
High
CVE:
2024-30516
- The vulnerability has been patched, so you should update to version 1.6.29.
157.
Awesome Support – WordPress HelpDesk & Support Plugin
Plugin Slug:
awesome-support
Installations:
10,000+
Vulnerability:
Broken Access Control
Patched in Version:
6.1.8
Severity Score:
Medium
CVE:
2024-30539
- The vulnerability has been patched, so you should update to version 6.1.8.
156.
WordPress File Upload
Plugin:
Plugin Slug:
wp-file-upload
Installations:
20,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
4.24.6
Severity Score:
Medium
CVE:
2024-2847
- The vulnerability has been patched, so you should update to version 4.24.6.
155.
weForms – Easy Drag & Drop Contact Form Builder For WordPress
Plugin Slug:
weforms
Installations:
20,000+
Vulnerability:
Broken Access Control
Patched in Version:
1.6.21
Severity Score:
Low
CVE:
2024-30512
- The vulnerability has been patched, so you should update to version 1.6.21.
154.
ShortPixel Adaptive Images – WebP, AVIF, CDN, Image Optimization
Plugin Slug:
shortpixel-adaptive-images
Installations:
20,000+
Vulnerability:
Broken Access Control
Patched in Version:
3.8.3
Severity Score:
Medium
CVE:
2024-31230
- The vulnerability has been patched, so you should update to version 3.8.3.
153.
My Calendar
Plugin:
Plugin Slug:
my-calendar
Installations:
20,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
3.4.24
Severity Score:
Medium
CVE:
2024-1274
- The vulnerability has been patched, so you should update to version 3.4.24.
152.
MP3 Audio Player for Music, Radio & Podcast by Sonaar
Plugin Slug:
mp3-music-player-by-sonaar
Installations:
20,000+
Vulnerability:
Broken Access Control
Patched in Version:
5.1.1
Severity Score:
High
CVE:
2024-30487
- The vulnerability has been patched, so you should update to version 5.1.1.
151.
MP3 Audio Player for Music, Radio & Podcast by Sonaar
Plugin Slug:
mp3-music-player-by-sonaar
Installations:
20,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
5.1.1
Severity Score:
Medium
CVE:
2024-30530
- The vulnerability has been patched, so you should update to version 5.1.1.
150.
Ecwid Ecommerce Shopping Cart
Plugin:
Plugin Slug:
ecwid-shopping-cart
Installations:
20,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
6.12.11
Severity Score:
Medium
CVE:
2024-2456
- The vulnerability has been patched, so you should update to version 6.12.11.
149.
Easy Appointments
Plugin:
Plugin Slug:
easy-appointments
Installations:
20,000+
Vulnerability:
Broken Access Control
Patched in Version:
3.11.19
Severity Score:
Medium
CVE:
2024-2844
- The vulnerability has been patched, so you should update to version 3.11.19.
148.
Easy Appointments
Plugin:
Plugin Slug:
easy-appointments
Installations:
20,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
3.11.19
Severity Score:
Medium
CVE:
2024-2842
- The vulnerability has been patched, so you should update to version 3.11.19.
147.
Brave – Create Popup, Optins, Lead Generation, Survey, Sticky Elements & Interactive Content
Plugin:
Plugin Slug:
brave-popup-builder
Installations:
20,000+
Vulnerability:
Server Side Request Forgery (SSRF)
Patched in Version:
0.6.6
Severity Score:
Medium
CVE:
2024-30453
- The vulnerability has been patched, so you should update to version 0.6.6.
146.
BEAR – Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net
Plugin Slug:
woo-bulk-editor
Installations:
30,000+
Vulnerability:
Broken Access Control
Patched in Version:
1.1.4.4
Severity Score:
Medium
CVE:
2024-30463
- The vulnerability has been patched, so you should update to version 1.1.4.4.
