Blog Details

WordPress Vulnerability Report — 22. Mai 2024

In diesem Bericht wurden 153 Schwachstellen öffentlich bekannt gegeben. Sicherheitsupdates für 119 dieser Plugins und Themes sind jetzt verfügbar, daher sollten diese Updates so schnell wie möglich durchgeführt werden. Wenn Sie ein Solid Security Pro-Benutzer sind, hat das Versionsverwaltungstool Sie möglicherweise bereits gewarnt und diese Plugins je nach Ihren Einstellungen aktualisiert.

Darüber hinaus gibt es 34 Plugins und Themes mit Schwachstellen, für die noch kein Patch verfügbar ist. Wenn Sie ein Solid Security Pro-Benutzer sind, sind diese Schwachstellen bereits durch die Solid Security-Firewall geschützt. Virtuelle Patches von Patchstack werden angewendet, wenn eine Schwachstelle als hohes oder mittleres Risiko eingestuft wird. Wenn kein Patch vom Anbieter bereitgestellt wird oder die anfällige Software als „geschlossen“ markiert und aus den offiziellen WordPress-Repositories entfernt wurde, sollten Sie diese bald deaktivieren und nach alternativen Lösungen suchen.
 
 

252.

Calendarista Basic Edition

Plugin Slug:

calendarista-basic-edition

Installations:

Broken Access Control

Vulnerability:

3.0.6

Patched in Version:

Medium

Severity Score:

2024-30534

CVE:

251.

WP ERP

Plugin:

Plugin Slug:

erp

Installations:

SQL Injection

Vulnerability:

1.30.0

Patched in Version:

High

Severity Score:

2024-0952

CVE:

250.

LayerSlider

Plugin:

Plugin Slug:

layerslider

Installations:

SQL Injection

Vulnerability:

7.10.1

Patched in Version:

Critical

Severity Score:

2024-2879

CVE:

249.

Limit Attempts by BestWebSoft

Plugin Slug:

limit-attempts

Installations:

Cross Site Scripting (XSS)

Vulnerability:

1.3.0

Patched in Version:

High

Severity Score:

2024-30439

CVE:

248.

REHub Framework

Plugin:

Plugin Slug:

rehub-framework

Installations:

SQL Injection

Vulnerability:

19.6.2

Patched in Version:

High

Severity Score:

2024-31234

CVE:

247.

Slider by Supsystic

Plugin Slug:

slider-by-supsystic

Installations:

Cross Site Scripting (XSS)

Vulnerability:

1.8.11

Patched in Version:

Medium

Severity Score:

2024-30448

CVE:

246.

Wholesale For WooCommerce

Plugin Slug:

woocommerce-wholesale-pricing

Installations:

Sensitive Data Exposure

Vulnerability:

2.3.1

Patched in Version:

Medium

Severity Score:

2024-30469

CVE:

245.

WP Cost Estimation & Payment Forms Builder

Plugin Slug:

wp-estimation-form

Installations:

SQL Injection

Vulnerability:

10.1.76

Patched in Version:

High

Severity Score:

2024-30489

CVE:

244.

YITH WooCommerce Account Funds Premium

Plugin Slug:

yith-woocommerce-account-funds-premium

Installations:

Broken Access Control

Vulnerability:

1.34.0

Patched in Version:

Medium

Severity Score:

2024-30470

CVE:

243.

Creative Image Slider – Responsive Slider Plugin

Plugin Slug:

creative-image-slider

Installations:

500+

Vulnerability:

Cross Site Scripting (XSS)

Patched in Version:

2.5.0

Severity Score:

High

CVE:

2024-30447

242.

DELUCKS SEO

Plugin:

Plugin Slug:

delucks-seo

Installations:

600+

Vulnerability:

Broken Access Control

Patched in Version:

2.5.5

Severity Score:

Medium

CVE:

2024-30538

241.

MDTF – Meta Data and Taxonomies Filter

Plugin Slug:

wp-meta-data-filter-and-taxonomy-filter

Installations:

1,000+

Vulnerability:

Cross Site Request Forgery (CSRF)

Patched in Version:

1.3.3.2

Severity Score:

Medium

CVE:

2024-30457

240.

WordPress CRM Plugin – WP-CRM System

Plugin Slug:

wp-crm-system

Installations:

1,000+

Vulnerability:

Cross Site Scripting (XSS)

Patched in Version:

3.2.9.1

Severity Score:

Medium

CVE:

2024-30434

239.

Sharkdropship Dropshipping & Affiliate for for AliExpress

Plugin Slug:

wooshark-aliexpress-importer

Installations:

1,000+

Vulnerability:

Broken Access Control

Patched in Version:

2.2.5

Severity Score:

Medium

CVE:

2024-1732

238.

WholesaleX – WooCommerce Wholesale Plugin (Wholesale Prices, Dynamic Pricing, Tiered Pricing)

Installations:

1,000+

Vulnerability:

Privilege Escalation

Patched in Version:

1.3.3

Severity Score:

Critical

CVE:

2024-30542

237.

Webinar and Video Conference with Jitsi Meet – Create Branded Webinars for WordPress, Meetings & Livestreaming

Installations:

1,000+

Vulnerability:

Cross Site Scripting (XSS)

Patched in Version:

2.6.4

Severity Score:

Medium

CVE:

2024-30437

236.

Tumult Hype Animations

Plugin Slug:

tumult-hype-animations

Installations:

1,000+

Vulnerability:

Cross Site Request Forgery (CSRF)

Patched in Version:

1.9.12

Severity Score:

Medium

CVE:

2024-30460

235.

Tumult Hype Animations

Plugin Slug:

tumult-hype-animations

Installations:

1,000+

Vulnerability:

Cross Site Scripting (XSS)

Patched in Version:

1.9.12

Severity Score:

High

CVE:

2024-30461

234.

Tainacan

Plugin:

Plugin Slug:

tainacan

Installations:

1,000+

Vulnerability:

Broken Access Control

Patched in Version:

0.20.8

Severity Score:

Medium

CVE:

2024-30529

233.

OpenStreetMap for Gutenberg and WPBakery Page Builder (formerly Visual Composer)

Installations:

1,000+

Vulnerability:

Cross Site Scripting (XSS)

Patched in Version:

1.1.2

Severity Score:

Medium

CVE:

2024-30450

232.

Print Page block – Print the entire page or Section.

Installations:

1,000+

Vulnerability:

Cross Site Scripting (XSS)

Patched in Version:

1.0.9

Severity Score:

Medium

CVE:

2024-30438

231.

Paid Memberships Pro – Payfast Gateway Add On

Plugin Slug:

pmpro-payfast

Installations:

1,000+

Vulnerability:

Sensitive Data Exposure

Patched in Version:

1.4.2

Severity Score:

Medium

CVE:

2024-30514

230.

OSS Aliyun

Plugin:

Plugin Slug:

oss-aliyun

Installations:

1,000+

Vulnerability:

SQL Injection

Patched in Version:

1.4.11

Severity Score:

High

CVE:

2024-30494

229.

Web Icons

Plugin:

Plugin Slug:

icon

Installations:

1,000+

Vulnerability:

Cross Site Scripting (XSS)

Patched in Version:

1.0.0.11

Severity Score:

Medium

CVE:

2024-30445

228.

A WordPress Testimonial Plugin to Showcase Testimonial Slider, Testimonial Grid and More: Solid Testimonials

Installations:

1,000+

Vulnerability:

Cross Site Scripting (XSS)

Patched in Version:

3.1.5

Severity Score:

Medium

CVE:

2024-30443

227.

FG PrestaShop to WooCommerce

Plugin Slug:

fg-prestashop-to-woocommerce

Installations:

1,000+

Vulnerability:

Sensitive Data Exposure

Patched in Version:

4.47.0

Severity Score:

Medium

CVE:

2024-30511

226.

Falang multilanguage for WordPress

Plugin Slug:

falang

Installations:

1,000+

Vulnerability:

SQL Injection

Patched in Version:

1.3.48

Severity Score:

High

CVE:

2024-30495

225.

Easy Form Builder

Plugin Slug:

easy-form-builder

Installations:

1,000+

Vulnerability:

SQL Injection

Patched in Version:

3.7.5

Severity Score:

High

CVE:

2024-30535

224.

WPCS – WordPress Currency Switcher Professional

Plugin Slug:

currency-switcher

Installations:

1,000+

Vulnerability:

Cross Site Request Forgery (CSRF)

Patched in Version:

1.2.0.2

Severity Score:

Medium

CVE:

2024-30456

223.

Creative Addons for Elementor

Plugin Slug:

creative-addons-for-elementor

Installations:

1,000+

Vulnerability:

Cross Site Scripting (XSS)

Patched in Version:

1.6.0

Severity Score:

Medium

CVE:

2024-2924

222.

Photos and Files Contest Gallery – Contact Form, Upload Form, Social Share and Voting Competition Plugin for WordPress

Installations:

1,000+

Vulnerability:

Cross Site Scripting (XSS)

Patched in Version:

21.3.6

Severity Score:

High

CVE:

2024-30428

221.

Church Admin

Plugin:

Plugin Slug:

church-admin

Installations:

1,000+

Vulnerability:

Cross Site Request Forgery (CSRF)

Patched in Version:

4.1.8

Severity Score:

Medium

CVE:

2024-30493

220.

Church Admin

Plugin:

Plugin Slug:

church-admin

Installations:

1,000+

Vulnerability:

Broken Access Control

Patched in Version:

4.1.19

Severity Score:

Medium

CVE:

2024-30505

219.

Geo Controller

Plugin:

Plugin Slug:

cf-geoplugin

Installations:

1,000+

Vulnerability:

Cross Site Scripting (XSS)

Patched in Version:

8.6.5

Severity Score:

Medium

CVE:

2024-30451

218.

Announcement & Notification Banner – Bulletin

Plugin Slug:

bulletin-announcements

Installations:

1,000+

Vulnerability:

SQL Injection

Patched in Version:

3.9.0

Severity Score:

High

CVE:

2024-30478

216.

Zotpress

Plugin:

Plugin Slug:

zotpress

Installations:

2,000+

Vulnerability:

SQL Injection

Patched in Version:

7.3.8

Severity Score:

High

CVE:

2024-30488

215.

WordPress Page Builder – Zion Builder

Plugin Slug:

zionbuilder

Installations:

2,000+

Vulnerability:

Cross Site Scripting (XSS)

Patched in Version:

3.6.10

Severity Score:

Medium

CVE:

2024-30444

214.

WPC Badge Management for WooCommerce

Plugin Slug:

wpc-badge-management

Installations:

2,000+

Vulnerability:

Broken Access Control

Patched in Version:

2.4.1

Severity Score:

Medium

CVE:

2024-30537

213.

WP Express Checkout (Accept PayPal Payments Easily)

Plugin Slug:

wp-express-checkout

Installations:

2,000+

Vulnerability:

Other Vulnerability Type

Patched in Version:

2.3.8

Severity Score:

High

CVE:

2024-30527

212.

RT Easy Builder – Advanced addons for Elementor

Plugin Slug:

rt-easy-builder-advanced-addons-for-elementor

Installations:

2,000+

Vulnerability:

Broken Access Control

Patched in Version:

2.1

Severity Score:

Medium

CVE:

2024-30484

211.

WP Responsive Tabs horizontal vertical and accordion Tabs

Plugin Slug:

responsive-horizontal-vertical-and-accordion-tabs

Installations:

2,000+

Vulnerability:

SQL Injection

Patched in Version:

1.1.18

Severity Score:

High

CVE:

2024-30497

210.

Layouts for Elementor

Plugin Slug:

layouts-for-elementor

Installations:

2,000+

Vulnerability:

Arbitrary File Upload

Patched in Version:

1.8

Severity Score:

High

CVE:

2024-30533

209.

CRM Perks Forms – WordPress Form Builder

Plugin Slug:

crm-perks-forms

Installations:

2,000+

Vulnerability:

Cross Site Scripting (XSS)

Patched in Version:

1.1.5

Severity Score:

Medium

CVE:

2024-30446

208.

CRM Perks Forms – WordPress Form Builder

Plugin Slug:

crm-perks-forms

Installations:

2,000+

Vulnerability:

SQL Injection

Patched in Version:

1.1.5

Severity Score:

Critical

CVE:

2024-30498

207.

CRM Perks Forms – WordPress Form Builder

Plugin Slug:

crm-perks-forms

Installations:

2,000+

Vulnerability:

SQL Injection

Patched in Version:

1.1.5

Severity Score:

High

CVE:

2024-30499

206.

Product Sort and Display for WooCommerce

Plugin Slug:

woocommerce-product-sort-and-display

Installations:

3,000+

Vulnerability:

Broken Access Control

Patched in Version:

2.4.2

Severity Score:

Medium

CVE:

2024-1807

205.

Themify Event Post

Plugin Slug:

themify-event-post

Installations:

3,000+

Vulnerability:

Cross Site Scripting (XSS)

Patched in Version:

1.2.8

Severity Score:

Medium

CVE:

2024-30440

204.

Spiffy Calendar

Plugin:

Plugin Slug:

spiffy-calendar

Installations:

3,000+

Vulnerability:

Cross Site Scripting (XSS)

Patched in Version:

4.9.10

Severity Score:

Medium

CVE:

2024-30427

203.

Spiffy Calendar

Plugin:

Plugin Slug:

spiffy-calendar

Installations:

3,000+

Vulnerability:

Broken Access Control

Patched in Version:

4.9.11

Severity Score:

Medium

CVE:

2024-30528

202.

Move Addons for Elementor

Plugin Slug:

move-addons

Installations:

3,000+

Vulnerability:

Broken Access Control

Patched in Version:

1.3.0

Severity Score:

Medium

CVE:

2024-30525

201.

Landingi Landing Pages

Plugin Slug:

landingi-landing-pages

Installations:

3,000+

Vulnerability:

Cross Site Request Forgery (CSRF)

Patched in Version:

3.1.2

Severity Score:

Medium

CVE:

2024-30521

200.

CubeWP – All-in-One Dynamic Content Framework

Plugin Slug:

cubewp-framework

Installations:

3,000+

Vulnerability:

Arbitrary File Upload

Patched in Version:

1.1.13

Severity Score:

Critical

CVE:

2024-30500

199.

Builderall Builder for WordPress

Plugin Slug:

builderall-cheetah-for-wp

Installations:

3,000+

Vulnerability:

Server Side Request Forgery (SSRF)

Patched in Version:

2.0.2

Severity Score:

Medium

CVE:

2024-30532

198.

Custom WooCommerce Checkout Fields Editor

Plugin Slug:

add-fields-to-checkout-page-woocommerce

Installations:

3,000+

Vulnerability:

Cross Site Request Forgery (CSRF)

Patched in Version:

1.3.1

Severity Score:

Medium

CVE:

2024-30518

197.

Slugs Manager: Delete Old Permalinks from WordPress Database

Plugin Slug:

remove-old-slugspermalinks

Installations:

4,000+

Vulnerability:

Cross Site Request Forgery (CSRF)

Patched in Version:

2.7.0

Severity Score:

Medium

CVE:

2024-30536

196.

B Slider – Slider for your block editor

Plugin Slug:

b-slider

Installations:

4,000+

Vulnerability:

Cross Site Scripting (XSS)

Patched in Version:

1.1.13

Severity Score:

Medium

CVE:

2024-30432

195.

Paid Memberships Pro – Mailchimp Add On

Plugin Slug:

pmpro-mailchimp

Installations:

5,000+

Vulnerability:

Sensitive Data Exposure

Patched in Version:

2.3.5

Severity Score:

Medium

CVE:

2024-30523

194.

Booking Activities

Plugin Slug:

booking-activities

Installations:

5,000+

Vulnerability:

Cross Site Scripting (XSS)

Patched in Version:

1.15.20

Severity Score:

High

CVE:

2024-30449

193.

Beaver Builder Addons by WPZOOM

Plugin Slug:

wpzoom-addons-for-beaver-builder

Installations:

6,000+

Vulnerability:

Cross Site Scripting (XSS)

Patched in Version:

1.3.5

Severity Score:

Medium

CVE:

2024-30424

192.

Sliced Invoices – WordPress Invoice Plugin

Plugin Slug:

sliced-invoices

Installations:

6,000+

Vulnerability:

Broken Access Control

Patched in Version:

3.9.3

Severity Score:

Medium

CVE:

2024-30517

191.

Salon booking system

Plugin Slug:

salon-booking-system

Installations:

6,000+

Vulnerability:

Arbitrary File Upload

Patched in Version:

9.5.1

Severity Score:

Critical

CVE:

2024-30510

190.

Nelio Content – Best Editorial Calendar & Social Media Scheduling

Installations:

6,000+

Vulnerability:

Server Side Request Forgery (SSRF)

Patched in Version:

3.2.1

Severity Score:

Medium

CVE:

2024-30531

189.

JCH Optimize

Plugin:

Plugin Slug:

jch-optimize

Installations:

6,000+

Vulnerability:

Broken Access Control

Patched in Version:

4.0.1

Severity Score:

Medium

CVE:

2024-30481

188.

MultiVendorX Marketplace – WooCommerce MultiVendor Marketplace Solution

Plugin Slug:

dc-woocommerce-multi-vendor

Installations:

6,000+

Vulnerability:

Cross Site Scripting (XSS)

Patched in Version:

4.1.4

Severity Score:

Medium

CVE:

2024-30433

187.

Better Elementor Addons

Plugin Slug:

better-elementor-addons

Installations:

6,000+

Vulnerability:

Cross Site Scripting (XSS)

Patched in Version:

1.3.8

Severity Score:

Medium

CVE:

2024-30423

186.

Announce from the Dashboard

Plugin Slug:

announce-from-the-dashboard

Installations:

6,000+

Vulnerability:

Cross Site Scripting (XSS)

Patched in Version:

1.5.3

Severity Score:

Medium

CVE:

2024-3030

185.

wp-forecast

Plugin:

Plugin Slug:

wp-forecast

Installations:

7,000+

Vulnerability:

Cross Site Scripting (XSS)

Patched in Version:

9.3

Severity Score:

Medium

CVE:

2024-30429

184.

The Plus Blocks for Block Editor | Gutenberg

Plugin Slug:

the-plus-addons-for-block-editor

Installations:

7,000+

Vulnerability:

Cross Site Scripting (XSS)

Patched in Version:

3.2.6

Severity Score:

High

CVE:

2024-30435

183.

ProfileGrid – User Profiles, Memberships, Groups and Communities

Plugin Slug:

profilegrid-user-profiles-groups-and-communities

Installations:

7,000+

Vulnerability:

SQL Injection

Patched in Version:

5.7.9

Severity Score:

Critical

CVE:

2024-30490

182.

ProfileGrid – User Profiles, Memberships, Groups and Communities

Plugin Slug:

profilegrid-user-profiles-groups-and-communities

Installations:

7,000+

Vulnerability:

SQL Injection

Patched in Version:

5.7.9

Severity Score:

High

CVE:

2024-30491

181.

ProfileGrid – User Profiles, Memberships, Groups and Communities

Plugin Slug:

profilegrid-user-profiles-groups-and-communities

Installations:

7,000+

Vulnerability:

Insecure Direct Object References (IDOR)

Patched in Version:

5.7.3

Severity Score:

Medium

CVE:

2024-30513

180.

Hash Elements

Plugin:

Plugin Slug:

hash-elements

Installations:

7,000+

Vulnerability:

Cross Site Scripting (XSS)

Patched in Version:

1.3.4

Severity Score:

Medium

CVE:

2024-30426

179.

Finale Lite – Sales Countdown Timer & Discount for WooCommerce

Plugin Slug:

finale-woocommerce-sales-countdown-timer-discount

Installations:

7,000+

Vulnerability:

Remote Code Execution (RCE)

Patched in Version:

2.18.1

Severity Score:

High

CVE:

2024-30485

178.

Collect.chat – Chatbot ??

Plugin Slug:

collectchat

Installations:

8,000+

Vulnerability:

Cross Site Scripting (XSS)

Patched in Version:

2.4.2

Severity Score:

Medium

CVE:

2024-30436

177.

WP SMS – Messaging & SMS Notification for WordPress, WooCommerce, GravityForms, etc

Installations:

9,000+

Vulnerability:

Cross Site Request Forgery (CSRF)

Patched in Version:

6.6.3

Severity Score:

Medium

CVE:

2024-30454

176.

WP Hotel Booking

Plugin Slug:

wp-hotel-booking

Installations:

9,000+

Vulnerability:

Broken Access Control

Patched in Version:

2.0.9.3

Severity Score:

Medium

CVE:

2024-30508

175.

Media Library Folders

Plugin Slug:

media-library-plus

Installations:

9,000+

Vulnerability:

SQL Injection

Patched in Version:

8.1.8

Severity Score:

High

CVE:

2024-30486

174.

140+ Widgets | Best Addons For Elementor – FREE

Plugin Slug:

xpro-elementor-addons

Installations:

10,000+

Vulnerability:

Cross Site Scripting (XSS)

Patched in Version:

1.4.3

Severity Score:

Medium

CVE:

2024-2250

173.

WP Travel Engine – Best Travel Booking WordPress Plugin

Plugin Slug:

wp-travel-engine

Installations:

10,000+

Vulnerability:

SQL Injection

Patched in Version:

5.8.0

Severity Score:

Critical

CVE:

2024-30502

172.

WP Travel Engine – Best Travel Booking WordPress Plugin

Plugin Slug:

wp-travel-engine

Installations:

10,000+

Vulnerability:

SQL Injection

Patched in Version:

5.8.0

Severity Score:

High

CVE:

2024-30504

171.

VS Contact Form

Plugin:

Plugin Slug:

very-simple-contact-form

Installations:

10,000+

Vulnerability:

Bypass Vulnerability

Patched in Version:

14.8

Severity Score:

Medium

CVE:

2024-30540

170.

Simple Revisions Delete

Plugin Slug:

simple-revisions-delete

Installations:

10,000+

Vulnerability:

Cross Site Request Forgery (CSRF)

Patched in Version:

1.5.4

Severity Score:

Medium

CVE:

2024-30482

169.

SellKit – Funnel builder and checkout optimizer for WooCommerce to sell more, faster

Installations:

10,000+

Vulnerability:

Arbitrary File Download

Patched in Version:

1.8.3

Severity Score:

Medium

CVE:

2024-30509

168.

Landing Page Builder – Coming Soon page, Maintenance Mode, Lead Page, WordPress Landing Pages

Installations:

10,000+

Vulnerability:

Cross Site Scripting (XSS)

Patched in Version:

1.5.1.8

Severity Score:

Medium

CVE:

2024-30452

167.

Author Box, Guest Author and Co-Authors for Your Posts – Molongui

Installations:

10,000+

Vulnerability:

Insecure Direct Object References (IDOR)

Patched in Version:

4.7.8

Severity Score:

Low

CVE:

2024-30507

166.

MasterStudy LMS WordPress Plugin – for Online Courses and Education

Plugin Slug:

masterstudy-lms-learning-management-system

Installations:

10,000+

Vulnerability:

Local File Inclusion

Patched in Version:

3.3.1

Severity Score:

Critical

CVE:

2024-2411

165.

MasterStudy LMS WordPress Plugin – for Online Courses and Education

Plugin Slug:

masterstudy-lms-learning-management-system

Installations:

10,000+

Vulnerability:

Privilege Escalation

Patched in Version:

3.3.2

Severity Score:

Critical

CVE:

2024-2409

164.

Mang Board WP

Plugin:

Plugin Slug:

mangboard

Installations:

10,000+

Vulnerability:

Cross Site Scripting (XSS)

Patched in Version:

1.8.1

Severity Score:

High

CVE:

2024-30431

163.

Mailster WordPress Newsletter Plugin Compatibility Tester

Installations:

10,000+

Vulnerability:

Cross Site Scripting (XSS)

Patched in Version:

4.0.7

Severity Score:

High

CVE:

2024-30503

162.

LWS Optimize

Plugin:

Plugin Slug:

lws-optimize

Installations:

10,000+

Vulnerability:

Cross Site Request Forgery (CSRF)

Patched in Version:

2

Severity Score:

Medium

CVE:

2024-30541

161.

GamiPress – The #1 gamification plugin to reward points, achievements, badges & ranks in WordPress

Installations:

10,000+

Vulnerability:

Cross Site Scripting (XSS)

Patched in Version:

6.9.1

Severity Score:

Medium

CVE:

2024-2783

160.

GamiPress – The #1 gamification plugin to reward points, achievements, badges & ranks in WordPress

Installations:

10,000+

Vulnerability:

Cross Site Request Forgery (CSRF)

Patched in Version:

6.8.6

Severity Score:

Medium

CVE:

2024-30455

159.

Favorites

Plugin:

Plugin Slug:

favorites

Installations:

10,000+

Vulnerability:

Cross Site Scripting (XSS)

Patched in Version:

2.3.4

Severity Score:

Medium

CVE:

2024-2948

158.

Booking Package

Plugin:

Plugin Slug:

booking-package

Installations:

10,000+

Vulnerability:

Other Vulnerability Type

Patched in Version:

1.6.29

Severity Score:

High

CVE:

2024-30516

157.

Awesome Support – WordPress HelpDesk & Support Plugin

Plugin Slug:

awesome-support

Installations:

10,000+

Vulnerability:

Broken Access Control

Patched in Version:

6.1.8

Severity Score:

Medium

CVE:

2024-30539

156.

WordPress File Upload

Plugin Slug:

wp-file-upload

Installations:

20,000+

Vulnerability:

Cross Site Scripting (XSS)

Patched in Version:

4.24.6

Severity Score:

Medium

CVE:

2024-2847

155.

weForms – Easy Drag & Drop Contact Form Builder For WordPress

Installations:

20,000+

Vulnerability:

Broken Access Control

Patched in Version:

1.6.21

Severity Score:

Low

CVE:

2024-30512

154.

ShortPixel Adaptive Images – WebP, AVIF, CDN, Image Optimization

Plugin Slug:

shortpixel-adaptive-images

Installations:

20,000+

Vulnerability:

Broken Access Control

Patched in Version:

3.8.3

Severity Score:

Medium

CVE:

2024-31230

153.

My Calendar

Plugin:

Plugin Slug:

my-calendar

Installations:

20,000+

Vulnerability:

Cross Site Scripting (XSS)

Patched in Version:

3.4.24

Severity Score:

Medium

CVE:

2024-1274

152.

MP3 Audio Player for Music, Radio & Podcast by Sonaar

Plugin Slug:

mp3-music-player-by-sonaar

Installations:

20,000+

Vulnerability:

Broken Access Control

Patched in Version:

5.1.1

Severity Score:

High

CVE:

2024-30487

151.

MP3 Audio Player for Music, Radio & Podcast by Sonaar

Plugin Slug:

mp3-music-player-by-sonaar

Installations:

20,000+

Vulnerability:

Cross Site Scripting (XSS)

Patched in Version:

5.1.1

Severity Score:

Medium

CVE:

2024-30530

150.

Ecwid Ecommerce Shopping Cart

Plugin Slug:

ecwid-shopping-cart

Installations:

20,000+

Vulnerability:

Cross Site Scripting (XSS)

Patched in Version:

6.12.11

Severity Score:

Medium

CVE:

2024-2456

149.

Easy Appointments

Plugin Slug:

easy-appointments

Installations:

20,000+

Vulnerability:

Broken Access Control

Patched in Version:

3.11.19

Severity Score:

Medium

CVE:

2024-2844

148.

Easy Appointments

Plugin Slug:

easy-appointments

Installations:

20,000+

Vulnerability:

Cross Site Scripting (XSS)

Patched in Version:

3.11.19

Severity Score:

Medium

CVE:

2024-2842

147.

Brave – Create Popup, Optins, Lead Generation, Survey, Sticky Elements & Interactive Content

Installations:

20,000+

Vulnerability:

Server Side Request Forgery (SSRF)

Patched in Version:

0.6.6

Severity Score:

Medium

CVE:

2024-30453

146.

BEAR – Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net

Installations:

30,000+

Vulnerability:

Broken Access Control

Patched in Version:

1.1.4.4

Severity Score:

Medium

CVE:

2024-30463