
WordPress Vulnerability Report: 22 May 2024

This report covers 153 publicly disclosed vulnerabilities. Security updates are available for 119 of the affected plugins and themes, so those updates should be applied as soon as possible. If you are a Solid Security Pro user, the version management tool may already have warned you about these plugins and, depending on your settings, updated them.

In addition, 34 plugins and themes have vulnerabilities for which no patch is available yet. If you are a Solid Security Pro user, the Solid Security firewall already protects against these: virtual patches from Patchstack are applied whenever a vulnerability is rated high or medium risk. A virtual patch only blocks the known attack pattern at the firewall and is a stopgap until the vendor ships a fix, not a replacement for one. If the vendor provides no patch, or if the vulnerable software has been marked as "closed" and removed from the official WordPress repositories, you should deactivate it soon and look for an alternative.
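One practical way to act on a report like this is to diff it against what is actually installed. The following is an added example, not code from Solid Security, Patchstack or this report: it parses rows written in the page's own "Label: value" layout and compares each installed plugin's version with the patched version, reporting "update", "ok", or "no patch: deactivate" for every plugin the report mentions. The slugs, patched versions and CVE IDs in the excerpt come from the table below; the inventory, the installed versions and the one row marked hypothetical are constructed for illustration. The example also shows why version strings must be compared segment by segment rather than as text (1.0.0.9 sorts after 1.0.0.11 as a string).

```python
"""Audit a WordPress plugin inventory against rows of a vulnerability report.
Added example, not vendor code. REPORT_TEXT is a constructed excerpt in the
report's own layout plus one hypothetical row; INSTALLED versions are assumed."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

REPORT_TEXT = """
250. LayerSlider
Plugin Slug: layerslider
Vulnerability: SQL Injection
Patched in Version: 7.10.1
Severity Score: Critical
CVE: CVE-2024-2879

229. Web Icons
Plugin Slug: icon
Vulnerability: Cross Site Scripting (XSS)
Patched in Version: 1.0.0.11
Severity Score: Medium
CVE: CVE-2024-30445

245. WP Cost Estimation & Payment Forms Builder
Plugin Slug: wp-estimation-form
Vulnerability: SQL Injection
Patched in Version: 10.1.76
Severity Score: High
CVE: CVE-2024-30489

0. Hypothetical Unpatched Plugin (not a real entry)
Plugin Slug: hypothetical-unpatched-plugin
Vulnerability: Broken Access Control
Patched in Version: no patch available
Severity Score: High
"""

INSTALLED: Dict[str, str] = {          # constructed inventory: slug -> installed version
    "layerslider": "7.9.12",                   # below the patched version
    "icon": "1.0.0.9",                         # below 1.0.0.11, but "greater" as a string
    "wp-estimation-form": "10.1.76",           # already on the patched version
    "hypothetical-unpatched-plugin": "1.0",    # vulnerable, and no fix exists
    "akismet": "5.3",                          # not mentioned in the report
}

@dataclass
class Entry:
    name: str
    slug: str
    vulnerability: str
    patched: Optional[str]   # None when the report lists no fixed version
    severity: str
    cve: Optional[str]

def parse_report(text: str) -> List[Entry]:
    """Split the report into blank-line separated blocks and read the labelled fields."""
    entries = []
    for block in re.split(r"\n\s*\n", text.strip()):
        lines = [ln.strip() for ln in block.splitlines() if ln.strip()]
        name = re.sub(r"^\d+\.\s*", "", lines[0])          # drop the "250." row number
        fields = {}
        for line in lines[1:]:
            label, _, value = line.partition(":")         # first colon only: "CVE: CVE-2024-..."
            fields[label.strip()] = value.strip()
        patched = fields.get("Patched in Version", "")
        if not re.search(r"\d", patched):                 # "no patch available", empty, etc.
            patched = None
        entries.append(Entry(name, fields["Plugin Slug"], fields["Vulnerability"],
                             patched, fields["Severity Score"], fields.get("CVE")))
    return entries

def version_tuple(version: str) -> tuple:
    """Numeric segments, so 1.0.0.11 sorts after 1.0.0.9 (string comparison gets this wrong)."""
    return tuple(int(p) for p in re.findall(r"\d+", version))

def is_vulnerable(installed: str, patched: str) -> bool:
    """True when the installed version is strictly below the patched one; 1.3 equals 1.3.0."""
    a, b = version_tuple(installed), version_tuple(patched)
    width = max(len(a), len(b))
    return a + (0,) * (width - len(a)) < b + (0,) * (width - len(b))

def audit(entries: List[Entry], installed: Dict[str, str]) -> Dict[str, str]:
    """One verdict per installed plugin that the report mentions."""
    verdicts = {}
    for e in entries:
        if e.slug not in installed:
            continue
        current = installed[e.slug]
        if e.patched is None:
            verdicts[e.slug] = f"no patch: deactivate and replace ({e.severity} {e.vulnerability})"
        elif is_vulnerable(current, e.patched):
            verdicts[e.slug] = f"update {current} -> {e.patched} ({e.severity} {e.vulnerability}, {e.cve})"
        else:
            verdicts[e.slug] = "ok"
    return verdicts

def run_audit() -> Dict[str, str]:
    return audit(parse_report(REPORT_TEXT), INSTALLED)

if __name__ == "__main__":
    for slug, verdict in sorted(run_audit().items()):
        print(f"{slug:32} {verdict}")
```

On a real site, replace the constructed INSTALLED dict with the `name` and `version` fields from `wp plugin list --format=json`; the slug in the report is the same identifier WP-CLI reports as `name`.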
252. Calendarista Basic Edition
Plugin Slug: calendarista-basic-edition
Installations: not listed
Vulnerability: Broken Access Control
Patched in Version: 3.0.6
Severity Score: Medium
CVE: CVE-2024-30534

251. WP ERP
Plugin Slug: erp
Installations: not listed
Vulnerability: SQL Injection
Patched in Version: 1.30.0
Severity Score: High
CVE: CVE-2024-0952

250. LayerSlider
Plugin Slug: layerslider
Installations: not listed
Vulnerability: SQL Injection
Patched in Version: 7.10.1
Severity Score: Critical
CVE: CVE-2024-2879

249. Limit Attempts by BestWebSoft
Plugin Slug: limit-attempts
Installations: not listed
Vulnerability: Cross Site Scripting (XSS)
Patched in Version: 1.3.0
Severity Score: High
CVE: CVE-2024-30439

248. REHub Framework
Plugin Slug: rehub-framework
Installations: not listed
Vulnerability: SQL Injection
Patched in Version: 19.6.2
Severity Score: High
CVE: CVE-2024-31234

247. Slider by Supsystic
Plugin Slug: slider-by-supsystic
Installations: not listed
Vulnerability: Cross Site Scripting (XSS)
Patched in Version: 1.8.11
Severity Score: Medium
CVE: CVE-2024-30448

246. Wholesale For WooCommerce
Plugin Slug: woocommerce-wholesale-pricing
Installations: not listed
Vulnerability: Sensitive Data Exposure
Patched in Version: 2.3.1
Severity Score: Medium
CVE: CVE-2024-30469

245. WP Cost Estimation & Payment Forms Builder
Plugin Slug: wp-estimation-form
Installations: not listed
Vulnerability: SQL Injection
Patched in Version: 10.1.76
Severity Score: High
CVE: CVE-2024-30489

244. YITH WooCommerce Account Funds Premium
Plugin Slug: yith-woocommerce-account-funds-premium
Installations: not listed
Vulnerability: Broken Access Control
Patched in Version: 1.34.0
Severity Score: Medium
CVE: CVE-2024-30470

243. Creative Image Slider – Responsive Slider Plugin
Plugin Slug: creative-image-slider
Installations: 500+
Vulnerability: Cross Site Scripting (XSS)
Patched in Version: 2.5.0
Severity Score: High
CVE: CVE-2024-30447

242. DELUCKS SEO
Plugin Slug: delucks-seo
Installations: 600+
Vulnerability: Broken Access Control
Patched in Version: 2.5.5
Severity Score: Medium
CVE: CVE-2024-30538

241. MDTF – Meta Data and Taxonomies Filter
Plugin Slug: wp-meta-data-filter-and-taxonomy-filter
Installations: 1,000+
Vulnerability: Cross Site Request Forgery (CSRF)
Patched in Version: 1.3.3.2
Severity Score: Medium
CVE: CVE-2024-30457

240. WordPress CRM Plugin – WP-CRM System
Plugin Slug: wp-crm-system
Installations: 1,000+
Vulnerability: Cross Site Scripting (XSS)
Patched in Version: 3.2.9.1
Severity Score: Medium
CVE: CVE-2024-30434

239. Sharkdropship Dropshipping & Affiliate for AliExpress
Plugin Slug: wooshark-aliexpress-importer
Installations: 1,000+
Vulnerability: Broken Access Control
Patched in Version: 2.2.5
Severity Score: Medium
CVE: CVE-2024-1732

238. WholesaleX – WooCommerce Wholesale Plugin (Wholesale Prices, Dynamic Pricing, Tiered Pricing)
Installations: 1,000+
Vulnerability: Privilege Escalation
Patched in Version: 1.3.3
Severity Score: Critical
CVE: CVE-2024-30542

237. Webinar and Video Conference with Jitsi Meet – Create Branded Webinars for WordPress, Meetings & Livestreaming
Installations: 1,000+
Vulnerability: Cross Site Scripting (XSS)
Patched in Version: 2.6.4
Severity Score: Medium
CVE: CVE-2024-30437

236. Tumult Hype Animations
Plugin Slug: tumult-hype-animations
Installations: 1,000+
Vulnerability: Cross Site Request Forgery (CSRF)
Patched in Version: 1.9.12
Severity Score: Medium
CVE: CVE-2024-30460

235. Tumult Hype Animations
Plugin Slug: tumult-hype-animations
Installations: 1,000+
Vulnerability: Cross Site Scripting (XSS)
Patched in Version: 1.9.12
Severity Score: High
CVE: CVE-2024-30461

234. Tainacan
Plugin Slug: tainacan
Installations: 1,000+
Vulnerability: Broken Access Control
Patched in Version: 0.20.8
Severity Score: Medium
CVE: CVE-2024-30529

233. OpenStreetMap for Gutenberg and WPBakery Page Builder (formerly Visual Composer)
Installations: 1,000+
Vulnerability: Cross Site Scripting (XSS)
Patched in Version: 1.1.2
Severity Score: Medium
CVE: CVE-2024-30450

232. Print Page block – Print the entire page or Section.
Installations: 1,000+
Vulnerability: Cross Site Scripting (XSS)
Patched in Version: 1.0.9
Severity Score: Medium
CVE: CVE-2024-30438

231. Paid Memberships Pro – Payfast Gateway Add On
Plugin Slug: pmpro-payfast
Installations: 1,000+
Vulnerability: Sensitive Data Exposure
Patched in Version: 1.4.2
Severity Score: Medium
CVE: CVE-2024-30514

230. OSS Aliyun
Plugin Slug: oss-aliyun
Installations: 1,000+
Vulnerability: SQL Injection
Patched in Version: 1.4.11
Severity Score: High
CVE: CVE-2024-30494

229. Web Icons
Plugin Slug: icon
Installations: 1,000+
Vulnerability: Cross Site Scripting (XSS)
Patched in Version: 1.0.0.11
Severity Score: Medium
CVE: CVE-2024-30445

228. A WordPress Testimonial Plugin to Showcase Testimonial Slider, Testimonial Grid and More: Solid Testimonials
Installations: 1,000+
Vulnerability: Cross Site Scripting (XSS)
Patched in Version: 3.1.5
Severity Score: Medium
CVE: CVE-2024-30443

227. FG PrestaShop to WooCommerce
Plugin Slug: fg-prestashop-to-woocommerce
Installations: 1,000+
Vulnerability: Sensitive Data Exposure
Patched in Version: 4.47.0
Severity Score: Medium
CVE: CVE-2024-30511

226. Falang multilanguage for WordPress
Plugin Slug: falang
Installations: 1,000+
Vulnerability: SQL Injection
Patched in Version: 1.3.48
Severity Score: High
CVE: CVE-2024-30495

225. Easy Form Builder
Plugin Slug: easy-form-builder
Installations: 1,000+
Vulnerability: SQL Injection
Patched in Version: 3.7.5
Severity Score: High
CVE: CVE-2024-30535

224. WPCS – WordPress Currency Switcher Professional
Plugin Slug: currency-switcher
Installations: 1,000+
Vulnerability: Cross Site Request Forgery (CSRF)
Patched in Version: 1.2.0.2
Severity Score: Medium
CVE: CVE-2024-30456

223. Creative Addons for Elementor
Plugin Slug: creative-addons-for-elementor
Installations: 1,000+
Vulnerability: Cross Site Scripting (XSS)
Patched in Version: 1.6.0
Severity Score: Medium
CVE: CVE-2024-2924

222. Photos and Files Contest Gallery – Contact Form, Upload Form, Social Share and Voting Competition Plugin for WordPress
Installations: 1,000+
Vulnerability: Cross Site Scripting (XSS)
Patched in Version: 21.3.6
Severity Score: High
CVE: CVE-2024-30428

221. Church Admin
Plugin Slug: church-admin
Installations: 1,000+
Vulnerability: Cross Site Request Forgery (CSRF)
Patched in Version: 4.1.8
Severity Score: Medium
CVE: CVE-2024-30493

220. Church Admin
Plugin Slug: church-admin
Installations: 1,000+
Vulnerability: Broken Access Control
Patched in Version: 4.1.19
Severity Score: Medium
CVE: CVE-2024-30505

219. Geo Controller
Plugin Slug: cf-geoplugin
Installations: 1,000+
Vulnerability: Cross Site Scripting (XSS)
Patched in Version: 8.6.5
Severity Score: Medium
CVE: CVE-2024-30451

218. Announcement & Notification Banner – Bulletin
Plugin Slug: bulletin-announcements
Installations: 1,000+
Vulnerability: SQL Injection
Patched in Version: 3.9.0
Severity Score: High
CVE: CVE-2024-30478

216. Zotpress
Plugin Slug: zotpress
Installations: 2,000+
Vulnerability: SQL Injection
Patched in Version: 7.3.8
Severity Score: High
CVE: CVE-2024-30488

215. WordPress Page Builder – Zion Builder
Plugin Slug: zionbuilder
Installations: 2,000+
Vulnerability: Cross Site Scripting (XSS)
Patched in Version: 3.6.10
Severity Score: Medium
CVE: CVE-2024-30444

214. WPC Badge Management for WooCommerce
Plugin Slug: wpc-badge-management
Installations: 2,000+
Vulnerability: Broken Access Control
Patched in Version: 2.4.1
Severity Score: Medium
CVE: CVE-2024-30537

213. WP Express Checkout (Accept PayPal Payments Easily)
Plugin Slug: wp-express-checkout
Installations: 2,000+
Vulnerability: Other Vulnerability Type
Patched in Version: 2.3.8
Severity Score: High
CVE: CVE-2024-30527

212. RT Easy Builder – Advanced addons for Elementor
Plugin Slug: rt-easy-builder-advanced-addons-for-elementor
Installations: 2,000+
Vulnerability: Broken Access Control
Patched in Version: 2.1
Severity Score: Medium
CVE: CVE-2024-30484

211. WP Responsive Tabs horizontal vertical and accordion Tabs
Plugin Slug: responsive-horizontal-vertical-and-accordion-tabs
Installations: 2,000+
Vulnerability: SQL Injection
Patched in Version: 1.1.18
Severity Score: High
CVE: CVE-2024-30497

210. Layouts for Elementor
Plugin Slug: layouts-for-elementor
Installations: 2,000+
Vulnerability: Arbitrary File Upload
Patched in Version: 1.8
Severity Score: High
CVE: CVE-2024-30533

209. CRM Perks Forms – WordPress Form Builder
Plugin Slug: crm-perks-forms
Installations: 2,000+
Vulnerability: Cross Site Scripting (XSS)
Patched in Version: 1.1.5
Severity Score: Medium
CVE: CVE-2024-30446

208. CRM Perks Forms – WordPress Form Builder
Plugin Slug: crm-perks-forms
Installations: 2,000+
Vulnerability: SQL Injection
Patched in Version: 1.1.5
Severity Score: Critical
CVE: CVE-2024-30498

207. CRM Perks Forms – WordPress Form Builder
Plugin Slug: crm-perks-forms
Installations: 2,000+
Vulnerability: SQL Injection
Patched in Version: 1.1.5
Severity Score: High
CVE: CVE-2024-30499

206. Product Sort and Display for WooCommerce
Plugin Slug: woocommerce-product-sort-and-display
Installations: 3,000+
Vulnerability: Broken Access Control
Patched in Version: 2.4.2
Severity Score: Medium
CVE: CVE-2024-1807

205. Themify Event Post
Plugin Slug: themify-event-post
Installations: 3,000+
Vulnerability: Cross Site Scripting (XSS)
Patched in Version: 1.2.8
Severity Score: Medium
CVE: CVE-2024-30440

204. Spiffy Calendar
Plugin Slug: spiffy-calendar
Installations: 3,000+
Vulnerability: Cross Site Scripting (XSS)
Patched in Version: 4.9.10
Severity Score: Medium
CVE: CVE-2024-30427

203. Spiffy Calendar
Plugin Slug: spiffy-calendar
Installations: 3,000+
Vulnerability: Broken Access Control
Patched in Version: 4.9.11
Severity Score: Medium
CVE: CVE-2024-30528

202. Move Addons for Elementor
Plugin Slug: move-addons
Installations: 3,000+
Vulnerability: Broken Access Control
Patched in Version: 1.3.0
Severity Score: Medium
CVE: CVE-2024-30525

201. Landingi Landing Pages
Plugin Slug: landingi-landing-pages
Installations: 3,000+
Vulnerability: Cross Site Request Forgery (CSRF)
Patched in Version: 3.1.2
Severity Score: Medium
CVE: CVE-2024-30521

200. CubeWP – All-in-One Dynamic Content Framework
Plugin Slug: cubewp-framework
Installations: 3,000+
Vulnerability: Arbitrary File Upload
Patched in Version: 1.1.13
Severity Score: Critical
CVE: CVE-2024-30500

199. Builderall Builder for WordPress
Plugin Slug: builderall-cheetah-for-wp
Installations: 3,000+
Vulnerability: Server Side Request Forgery (SSRF)
Patched in Version: 2.0.2
Severity Score: Medium
CVE: CVE-2024-30532

198. Custom WooCommerce Checkout Fields Editor
Plugin Slug: add-fields-to-checkout-page-woocommerce
Installations: 3,000+
Vulnerability: Cross Site Request Forgery (CSRF)
Patched in Version: 1.3.1
Severity Score: Medium
CVE: CVE-2024-30518

197. Slugs Manager: Delete Old Permalinks from WordPress Database
Plugin Slug: remove-old-slugspermalinks
Installations: 4,000+
Vulnerability: Cross Site Request Forgery (CSRF)
Patched in Version: 2.7.0
Severity Score: Medium
CVE: CVE-2024-30536

196. B Slider – Slider for your block editor
Plugin Slug: b-slider
Installations: 4,000+
Vulnerability: Cross Site Scripting (XSS)
Patched in Version: 1.1.13
Severity Score: Medium
CVE: CVE-2024-30432

195. Paid Memberships Pro – Mailchimp Add On
Plugin Slug: pmpro-mailchimp
Installations: 5,000+
Vulnerability: Sensitive Data Exposure
Patched in Version: 2.3.5
Severity Score: Medium
CVE: CVE-2024-30523

194. Booking Activities
Plugin Slug: booking-activities
Installations: 5,000+
Vulnerability: Cross Site Scripting (XSS)
Patched in Version: 1.15.20
Severity Score: High
CVE: CVE-2024-30449

193. Beaver Builder Addons by WPZOOM
Plugin Slug: wpzoom-addons-for-beaver-builder
Installations: 6,000+
Vulnerability: Cross Site Scripting (XSS)
Patched in Version: 1.3.5
Severity Score: Medium
CVE: CVE-2024-30424

192. Sliced Invoices – WordPress Invoice Plugin
Plugin Slug: sliced-invoices
Installations: 6,000+
Vulnerability: Broken Access Control
Patched in Version: 3.9.3
Severity Score: Medium
CVE: CVE-2024-30517

191. Salon booking system
Plugin Slug: salon-booking-system
Installations: 6,000+
Vulnerability: Arbitrary File Upload
Patched in Version: 9.5.1
Severity Score: Critical
CVE: CVE-2024-30510

190. Nelio Content – Best Editorial Calendar & Social Media Scheduling
Installations: 6,000+
Vulnerability: Server Side Request Forgery (SSRF)
Patched in Version: 3.2.1
Severity Score: Medium
CVE: CVE-2024-30531

189. JCH Optimize
Plugin Slug: jch-optimize
Installations: 6,000+
Vulnerability: Broken Access Control
Patched in Version: 4.0.1
Severity Score: Medium
CVE: CVE-2024-30481

188. MultiVendorX Marketplace – WooCommerce MultiVendor Marketplace Solution
Plugin Slug: dc-woocommerce-multi-vendor
Installations: 6,000+
Vulnerability: Cross Site Scripting (XSS)
Patched in Version: 4.1.4
Severity Score: Medium
CVE: CVE-2024-30433

187. Better Elementor Addons
Plugin Slug: better-elementor-addons
Installations: 6,000+
Vulnerability: Cross Site Scripting (XSS)
Patched in Version: 1.3.8
Severity Score: Medium
CVE: CVE-2024-30423

186. Announce from the Dashboard
Plugin Slug: announce-from-the-dashboard
Installations: 6,000+
Vulnerability: Cross Site Scripting (XSS)
Patched in Version: 1.5.3
Severity Score: Medium
CVE: CVE-2024-3030

185. wp-forecast
Plugin Slug: wp-forecast
Installations: 7,000+
Vulnerability: Cross Site Scripting (XSS)
Patched in Version: 9.3
Severity Score: Medium
CVE: CVE-2024-30429

184. The Plus Blocks for Block Editor | Gutenberg
Plugin Slug: the-plus-addons-for-block-editor
Installations: 7,000+
Vulnerability: Cross Site Scripting (XSS)
Patched in Version: 3.2.6
Severity Score: High
CVE: CVE-2024-30435

183. ProfileGrid – User Profiles, Memberships, Groups and Communities
Plugin Slug: profilegrid-user-profiles-groups-and-communities
Installations: 7,000+
Vulnerability: SQL Injection
Patched in Version: 5.7.9
Severity Score: Critical
CVE: CVE-2024-30490

182. ProfileGrid – User Profiles, Memberships, Groups and Communities
Plugin Slug: profilegrid-user-profiles-groups-and-communities
Installations: 7,000+
Vulnerability: SQL Injection