WordPress Vulnerability Report — February 14, 2024

Since last week, 146 new vulnerabilities emerged in the WordPress ecosystem, including 3 in themes and 143 in plugins. 28 of the vulnerable plugins and themes remain unpatched, but Solid Security Pro users are protected by virtual patching from Patchstack.

In this report, 146 vulnerabilities have been publicly disclosed. Security patches for 118 of these plugins and themes are available now, so run those updates as soon as possible. If you’re a Solid Security Pro user, the version management tool may have already warned you and updated these plugins, depending on your settings.

Additionally, there are 28 plugin and theme vulnerabilities with no patch available yet. If you’re a Solid Security Pro user, those vulnerabilities are already protected by the Solid Security firewall. Virtual patches from Patchstack will be applied when a vulnerability is considered high or medium risk. If no patch is forthcoming from the vendor or the vulnerable software has been marked “closed” and dropped from the official WordPress repositories, you should deactivate it soon and look for alternative solutions.

WordPress Core

WordPress 6.4.3 was released on January 30, 2024, as a short-cycle maintenance and security release with five bug fixes in Core and 16 bug fixes for the Block Editor. It is recommended that you update your sites immediately. The next major release will be version 6.5, planned for March 26, 2024.
WordPress Plugins — 117 Patched / 26 Unpatched

Malware Scanner | Plugin Slug: miniorange-malware-protection | Installations: 10,000+ | Vulnerability: SQL Injection | Patched in Version: No Fix | Severity Score: High | CVE: 2024-25902
Multi Step Form | Plugin Slug: multi-step-form | Installations: 10,000+ | Vulnerability: Cross Site Request Forgery (CSRF) | Patched in Version: No Fix | Severity Score: Medium | CVE: 2024-25905
Comments Like Dislike | Plugin Slug: comments-like-dislike | Installations: 9,000+ | Vulnerability: Bypass Vulnerability | Patched in Version: No Fix | Severity Score: Medium | CVE: 2024-25906
PJ News Ticker | Plugin Slug: pj-news-ticker | Installations: 5,000+ | Vulnerability: Cross Site Scripting (XSS) | Patched in Version: No Fix | Severity Score: Medium | CVE: 2024-25094
TinyMCE and TinyMCE Advanced Professsional Formats and Styles | Plugin Slug: tinymce-and-tinymce-advanced-professsional-formats-and-styles | Installations: 3,000+ | Vulnerability: Cross Site Request Forgery (CSRF) | Patched in Version: No Fix | Severity Score: Medium | CVE: 2024-25904
WP Contact Form | Plugin Slug: wp-contact-form | Installations: 2,000+ | Vulnerability: Cross Site Request Forgery (CSRF) | Patched in Version: No Fix | Severity Score: Medium | CVE: 2024-24929
Before After Image Slider WP | Plugin Slug: before-after-image-slider | Installations: 1,000+ | Vulnerability: Cross Site Scripting (XSS) | Patched in Version: No Fix | Severity Score: Medium | CVE: 2024-24931
Content Cards | Plugin Slug: content-cards | Installations: 1,000+ | Vulnerability: Cross Site Scripting (XSS) | Patched in Version: No Fix | Severity Score: Medium | CVE: 2024-24928
MyWaze | Plugin Slug: my-waze | Installations: 1,000+ | Vulnerability: Cross Site Scripting (XSS) | Patched in Version: No Fix | Severity Score: Medium | CVE: 2024-25594
PB oEmbed HTML5 Audio – with Cache Support | Plugin Slug: pb-oembed-html5-audio-with-cache-support | Installations: 1,000+ | Vulnerability: Cross Site Scripting (XSS) | Patched in Version: No Fix | Severity Score: Medium | CVE: 2024-25098
Canto | Plugin Slug: canto | Installations: 100+ | Vulnerability: Remote Code Execution (RCE) | Patched in Version: No Fix | Severity Score: Critical | CVE: 2024-25096
Buttons Shortcode and Widget | Plugin Slug: buttons-shortcode-and-widget | Vulnerability: Cross Site Scripting (XSS) | Patched in Version: No Fix | Severity Score: Medium | CVE: 2024-24930
Coupon Referral Program | Plugin Slug: coupon-referral-program | Vulnerability: PHP Object Injection | Patched in Version: No Fix | Severity Score: Critical | CVE: 2024-25100
GigPress | Plugin Slug: gigpress | Vulnerability: Cross Site Scripting (XSS) | Patched in Version: No Fix | Severity Score: Medium | CVE: 2023-7233
Honeypot for WP Comment | Plugin Slug: honeypot-for-wp-comment | Vulnerability: Cross Site Scripting (XSS) | Patched in Version: No Fix | Severity Score: High | CVE: 2024-24933
Honeypot for WP Comment | Plugin Slug: honeypot-for-wp-comment | Vulnerability: Arbitrary File Deletion | Patched in Version: No Fix | Severity Score: Medium | CVE: 2024-1350
MoveTo | Plugin Slug: moveto | Vulnerability: Arbitrary File Upload | Patched in Version: No Fix | Severity Score: Critical | CVE: 2024-25913
MoveTo | Plugin Slug: moveto | Vulnerability: Settings Change | Patched in Version: No Fix | Severity Score: Critical | CVE: 2024-25912
MoveTo | Plugin Slug: moveto | Vulnerability: Denial of Service Attack | Patched in Version: No Fix | Severity Score: High | CVE: 2024-25911
MoveTo | Plugin Slug: moveto | Vulnerability: SQL Injection | Patched in Version: No Fix | Severity Score: Critical | CVE: 2024-25910
Payment Forms for Paystack | Plugin Slug: payment-forms-for-paystack | Vulnerability: Cross Site Scripting (XSS) | Patched in Version: No Fix | Severity Score: Medium | CVE: 2023-5665
SMTP Mail | Plugin Slug: smtp-mail | Vulnerability: Cross Site Request Forgery (CSRF) | Patched in Version: No Fix | Severity Score: Medium | CVE: 2024-25914
VK Poster Group | Plugin Slug: vk-poster-group | Vulnerability: Cross Site Scripting (XSS) | Patched in Version: No Fix | Severity Score: High | CVE: 2024-24932
Pexels: Free Stock Photos | Plugin Slug: wp-pexels-free-stock-photos | Vulnerability: Server Side Request Forgery (SSRF) | Patched in Version: No Fix | Severity Score: Medium | CVE: 2024-25915
Basic Log Viewer | Plugin Slug: wpsimpletools-log-viewer | Vulnerability: Cross Site Request Forgery (CSRF) | Patched in Version: No Fix | Severity Score: Medium | CVE: 2024-24935
Easy Forms for Mailchimp | Plugin Slug: yikes-inc-easy-mailchimp-extender | Vulnerability: Sensitive Data Exposure | Patched in Version: No Fix | Severity Score: High | CVE: 2024-25095
Elementor Website Builder – More than Just a Page Builder | Plugin Slug: elementor | Installations: 5,000,000+ | Vulnerability: Cross Site Scripting (XSS) | Patched in Version: 3.19.0 | Severity Score: Medium | CVE: 2024-0506
Elementor Website Builder – More than Just a Page Builder | Plugin Slug: elementor | Installations: 5,000,000+ | Vulnerability: Arbitrary File Deletion | Patched in Version: 3.19.1 | Severity Score: High | CVE: 2024-24934
Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders | Plugin Slug: essential-addons-for-elementor-lite | Installations: 2,000,000+ | Vulnerability: Cross Site Scripting (XSS) | Patched in Version: 5.9.9 | Severity Score: Medium | CVE: 2024-1171
Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders | Plugin Slug: essential-addons-for-elementor-lite | Installations: 2,000,000+ | Vulnerability: Cross Site Scripting (XSS) | Patched in Version: 5.9.9 | Severity Score: Medium | CVE: 2024-1172
Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders | Plugin Slug: essential-addons-for-elementor-lite | Installations: 2,000,000+ | Vulnerability: Cross Site Scripting (XSS) | Patched in Version: 5.9.9 | Severity Score: Medium | CVE: 2024-1276
Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders | Plugin Slug: essential-addons-for-elementor-lite | Installations: 2,000,000+ | Vulnerability: Cross Site Scripting (XSS) | Patched in Version: 5.9.9 | Severity Score: Medium | CVE: 2024-1236
All-In-One Security (AIOS) – Security and Firewall | Plugin Slug: all-in-one-wp-security-and-firewall | Installations: 1,000,000+ | Vulnerability: Cross Site Scripting (XSS) | Patched in Version: 5.2.6 | Severity Score: High | CVE: 2024-1037
Broken Link Checker | Plugin Slug: broken-link-checker | Installations: 700,000+ | Vulnerability: Cross Site Scripting (XSS) | Patched in Version: 2.2.4 | Severity Score: Medium | CVE: 2024-25592
Meta Box – WordPress Custom Fields Framework | Plugin Slug: meta-box | Installations: 700,000+ | Vulnerability: Cross Site Scripting (XSS) | Patched in Version: 5.9.3 | Severity Score: Medium | CVE: 2023-6526
WP Shortcodes Plugin — Shortcodes Ultimate | Plugin Slug: shortcodes-ultimate | Installations: 600,000+ | Vulnerability: Cross Site Scripting (XSS) | Patched in Version: 7.0.2 | Severity Score: Medium | CVE: 2024-0792
SiteOrigin Widgets Bundle | Plugin Slug: so-widgets-bundle | Installations: 600,000+ | Vulnerability: Cross Site Scripting (XSS) | Patched in Version: 1.58.3 | Severity Score: Medium | CVE: 2024-1070
SiteOrigin Widgets Bundle | Plugin Slug: so-widgets-bundle | Installations: 600,000+ | Vulnerability: Cross Site Scripting (XSS) | Patched in Version: 1.58.4 | Severity Score: Medium | CVE: 2024-1058
Admin Menu Editor | Plugin Slug: admin-menu-editor | Installations: 400,000+ | Vulnerability: Cross Site Request Forgery (CSRF) | Patched in Version: 1.12.1 | Severity Score: Medium | CVE: 2024-24876
Royal Elementor Addons and Templates | Plugin Slug: royal-elementor-addons | Installations: 300,000+ | Vulnerability: Cross Site Scripting (XSS) | Patched in Version: 1.3.88 | Severity Score: Medium | CVE: 2024-0442
Royal Elementor Addons and Templates | Plugin Slug: royal-elementor-addons | Installations: 300,000+ | Vulnerability: Cross Site Request Forgery (CSRF) | Patched in Version: 1.3.88 | Severity Score: Medium | CVE: 2024-0512
Royal Elementor Addons and Templates | Plugin Slug: royal-elementor-addons | Installations: 300,000+ | Vulnerability: Cross Site Request Forgery (CSRF) | Patched in Version: 1.3.88 | Severity Score: Medium | CVE: 2024-0511
Royal Elementor Addons and Templates | Plugin Slug: royal-elementor-addons | Installations: 300,000+ | Vulnerability: Broken Access Control | Patched in Version: 1.3.81 | Severity Score: Medium | CVE: 2023-5922
Backuply – Backup, Restore, Migrate and Clone | Plugin Slug: backuply | Installations: 200,000+ | Vulnerability: Denial of Service Attack | Patched in Version: 1.2.6 | Severity Score: High | CVE: 2024-0842
InfiniteWP Client | Plugin Slug: iwp-client | Installations: 200,000+ | Vulnerability: Sensitive Data Exposure | Patched in Version: 1.12.3.1 | Severity Score: Medium | CVE: 2023-6565
Popup Builder – Create highly converting, mobile friendly marketing popups. | Plugin Slug: popup-builder | Installations: 200,000+ | Vulnerability: Server Side Request Forgery (SSRF) | Patched in Version: 4.2.6 | Severity Score: Medium | CVE: 2023-6294
AMP for WP – Accelerated Mobile Pages | Plugin Slug: accelerated-mobile-pages | Installations: 100,000+ | Vulnerability: Broken Access Control | Patched in Version: 1.0.93.2 | Severity Score: Medium | CVE: 2024-1043
Elementor Addon Elements | Plugin Slug: addon-elements-for-elementor-page-builder | Installations: 100,000+ | Vulnerability: Cross Site Scripting (XSS) | Patched in Version: 1.12.12 | Severity Score: Medium | CVE: 2024-0834
Advanced Database Cleaner | Plugin Slug: advanced-database-cleaner | Installations: 100,000+ | Vulnerability: PHP Object Injection | Patched in Version: 3.1.4 | Severity Score: Medium | CVE: 2024-0668
Prime Slider – Addons For Elementor (Revolution of a slider, Hero Slider, Media Slider, Drag Drop Slider, Video Slider, Product Slider, Ecommerce Slider) | Plugin Slug: bdthemes-prime-slider-lite | Installations: 100,000+ | Vulnerability: Broken Access Control | Patched in Version: 3.11.11 | Severity Score: Medium | CVE: 2024-24883
Content Views – Post Grid, Slider, Accordion (Gutenberg Blocks and Shortcode) | Plugin Slug: content-views-query-and-display-post-page | Installations: 100,000+ | Vulnerability: Cross Site Scripting (XSS) | Patched in Version: 3.6.3 | Severity Score: Medium | CVE: 2024-0612
Custom Twitter Feeds – A Tweets Widget or X Feed Widget | Plugin Slug: custom-twitter-feeds | Installations: 100,000+ | Vulnerability: Cross Site Request Forgery (CSRF) | Patched in Version: 2.2.2 | Severity Score: Medium | CVE: 2024-0379
Insert PHP Code Snippet | Plugin Slug: insert-php-code-snippet | Installations: 100,000+ | Vulnerability: Cross Site Scripting (XSS) | Patched in Version: 1.3.5 | Severity Score: Medium | CVE: 2024-0658
Login Lockdown – Protect Login Form | Plugin Slug: login-lockdown | Installations: 100,000+ | Vulnerability: Broken Access Control | Patched in Version: 2.09 | Severity Score: Medium | CVE: 2024-1340
Minimal Coming Soon – Coming Soon Page | Plugin Slug: minimal-coming-soon-maintenance-mode | Installations: 100,000+ | Vulnerability: Bypass Vulnerability | Patched in Version: 2.38 | Severity Score: Low | CVE: 2024-1075
PowerPack Addons for Elementor (Free Widgets, Extensions and Templates) | Plugin Slug: powerpack-lite-for-elementor | Installations: 100,000+ | Vulnerability: Cross Site Scripting (XSS) | Patched in Version: 2.7.15 | Severity Score: Medium | CVE: 2024-1055
Defender Security – Malware Scanner, Login Security & Firewall | Plugin Slug: defender-security | Installations: 90,000+ | Vulnerability: Bypass Vulnerability | Patched in Version: 4.4.2 | Severity Score: Medium | CVE: 2024-25595
Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions | Plugin Slug: paid-memberships-pro | Installations: 90,000+ | Vulnerability: Sensitive Data Exposure | Patched in Version: 2.12.9 | Severity Score: Medium
Matomo Analytics – Ethical Stats. Powerful Insights. | Plugin Slug: matomo | Installations: 80,000+ | Vulnerability: Cross Site Scripting (XSS) | Patched in Version: 5.0.1 | Severity Score: High | CVE: 2023-6923
Elementor Addons by Livemesh | Plugin Slug: addons-for-elementor | Installations: 70,000+ | Vulnerability: Cross Site Scripting (XSS) | Patched in Version: 8.3.1 | Severity Score: Medium | CVE: 2024-25598
Elementor Addons by Livemesh | Plugin Slug: addons-for-elementor | Installations: 70,000+ | Vulnerability: Cross Site Scripting (XSS) | Patched in Version: 8.3.3 | Severity Score: Medium | CVE: 2024-1235
WP Booking Calendar | Plugin Slug: booking | Installations: 60,000+ | Vulnerability: SQL Injection | Patched in Version: 9.9.1 | Severity Score: Critical | CVE: 2024-1207
Customer Reviews for WooCommerce | Plugin Slug: customer-reviews-woocommerce | Installations: 60,000+ | Vulnerability: Broken Access Control | Patched in Version: 5.39.0 | Severity Score: Medium | CVE: 2024-1044
Timeline Widget For Elementor (Elementor Timeline, Vertical & Horizontal Timeline) | Plugin Slug: timeline-widget-addon-for-elementor | Installations: 60,000+ | Vulnerability: Cross Site Scripting (XSS) | Patched in Version: 1.5.4 | Severity Score: Medium | CVE: 2024-0977
RSS Aggregator – RSS Import, News Feeds, Feed to Post, and Autoblogging | Plugin Slug: wp-rss-aggregator | Installations: 60,000+ | Vulnerability: Server Side Request Forgery (SSRF) | Patched in Version: 4.23.6 | Severity Score: Low | CVE: 2024-0628
AI Engine
Bold Page Builder | Plugin Slug: bold-page-builder | Installations: 50,000+ | Vulnerability: Cross Site Scripting (XSS) | Patched in Version: 4.8.1 | Severity Score: Medium | CVE: 2024-1160
Bold Page Builder | Plugin Slug: bold-page-builder | Installations: 50,000+ | Vulnerability: Cross Site Scripting (XSS) | Patched in Version: 4.8.1 | Severity Score: Medium | CVE: 2024-1157
Easy Digital Downloads – Sell Digital Files (eCommerce Store & Payments Made Easy) | Plugin Slug: easy-digital-downloads | Installations: 50,000+ | Vulnerability: Cross Site Scripting (XSS) | Patched in Version: 3.2.7 | Severity Score: Medium | CVE: 2024-0659
RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator | Plugin Slug: feedzy-rss-feeds | Installations: 50,000+ | Vulnerability: SQL Injection | Patched in Version: 4.4.3 | Severity Score: High | CVE: 2024-1317
RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator | Plugin Slug: feedzy-rss-feeds | Installations: 50,000+ | Vulnerability: Broken Access Control | Patched in Version: 4.4.3 | Severity Score: Medium | CVE: 2024-1318
RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator | Plugin Slug: feedzy-rss-feeds | Installations: 50,000+ | Vulnerability: Broken Access Control | Patched in Version: 4.4.2 | Severity Score: Medium | CVE: 2024-1092
Internal Link Juicer: SEO Auto Linker for WordPress | Plugin Slug: internal-links | Installations: 50,000+ | Vulnerability: Cross Site Scripting (XSS) | Patched in Version: 2.23.5 | Severity Score: Medium | CVE: 2024-0657
MapPress Maps for WordPress | Plugin Slug: mappress-google-maps-for-wordpress | Installations: 50,000+ | Vulnerability: Sensitive Data Exposure | Patched in Version: 2.88.16 | Severity Score: Medium | CVE: 2024-0421
MapPress Maps for WordPress | Plugin Slug: mappress-google-maps-for-wordpress | Installations: 50,000+ | Vulnerability: Cross Site Scripting (XSS) | Patched in Version: 2.88.15 | Severity Score: Medium | CVE: 2024-0420
Shariff Wrapper | Plugin Slug: shariff | Installations: 50,000+ | Vulnerability: Cross Site Scripting (XSS) | Patched in Version: 4.6.10 | Severity Score: Medium | CVE: 2024-1106
Booster for WooCommerce | Plugin Slug: woocommerce-jetpack | Installations: 50,000+ | Vulnerability: Cross Site Scripting (XSS) | Patched in Version: 7.1.7 | Severity Score: Medium | CVE: 2024-1054
WP Recipe Maker | Plugin Slug: wp-recipe-maker | Installations: 50,000+ | Vulnerability: Broken Access Control | Patched in Version: 9.2.0 | Severity Score: High | CVE: 2024-1206
Shield Security – Smart Bot Blocking & Intrusion Prevention Security | Plugin Slug: wp-simple-firewall | Installations: 50,000+ | Vulnerability: Local File Inclusion | Patched in Version: 18.5.10 | Severity Score: High | CVE: 2023-6989
Starbox – the Author Box for Humans | Plugin Slug: starbox | Installations: 40,000+ | Vulnerability: Cross Site Scripting (XSS) | Patched in Version: 3.5.0 | Severity Score: Medium | CVE: 2024-0256
Starbox – the Author Box for Humans | Plugin Slug: starbox | Installations: 40,000+ | Vulnerability: Cross Site Scripting (XSS) | Patched in Version: 3.5.0 | Severity Score: Medium | CVE: 2023-6806
WP 404 Auto Redirect to Similar Post | Plugin Slug: wp-404-auto-redirect-to-similar-post | Installations: 40,000+ | Vulnerability: Cross Site Scripting (XSS) | Patched in Version: 1.0.4 | Severity Score: High | CVE: 2024-0509
WP Editor | Plugin Slug: wp-editor | Installations: 40,000+ | Vulnerability: Sensitive Data Exposure | Patched in Version: 1.2.8 | Severity Score: Medium | CVE: 2024-25591
Apollo13 Framework Extensions | Plugin Slug: apollo13-framework-extensions | Installations: 30,000+ | Vulnerability: Cross Site Scripting (XSS) | Patched in Version: 1.9.3 | Severity Score: Medium | CVE: 2024-24880
Gutenberg Block Editor Toolkit – EditorsKit | Plugin Slug: block-options | Installations: 30,000+ | Vulnerability: Arbitrary File Upload | Patched in Version: 1.40.4 | Severity Score: High | CVE: 2023-6635
PPWP – Password Protect Pages | Plugin Slug: password-protect-page | Installations: 30,000+ | Vulnerability: Bypass Vulnerability | Patched in Version: 1.9.0 | Severity Score: Medium | CVE: 2024-0620
All 404 Pages Redirect to Homepage | Plugin Slug: all-404-pages-redirect-to-homepage | Installations: 20,000+ | Vulnerability: Cross Site Scripting (XSS) | Patched in Version: 2.0 | Severity Score: Medium | CVE: 2024-24889
Maspik – Spam Blacklist | Plugin Slug: contact-forms-anti-spam | Installations: 20,000+ | Vulnerability: Cross Site Scripting (XSS) | Patched in Version: 0.10.7 | Severity Score: Medium | CVE: 2024-25101
Quiz Maker | Plugin Slug: quiz-maker | Installations: 20,000+ | Vulnerability: Broken Access Control | Patched in Version: 6.5.2.5 | Severity Score: Medium | CVE: 2024-1078
Quiz Maker | Plugin Slug: quiz-maker | Installations: 20,000+ | Vulnerability: Broken Access Control | Patched in Version: 6.5.2.5 | Severity Score: Medium | CVE: 2024-1079
NextMove Lite – Thank You Page for WooCommerce | Plugin Slug: woo-thank-you-page-nextmove-lite | Installations: 20,000+ | Vulnerability: Remote Code Execution (RCE) | Patched in Version: 2.18.0 | Severity Score: High | CVE: 2024-25092
Awesome Support – WordPress HelpDesk & Support Plugin | Plugin Slug: awesome-support | Installations: 10,000+ | Vulnerability: SQL Injection | Patched in Version: 6.1.8 | Severity Score: High | CVE: 2024-0594
Passster – Password Protect Pages and Content | Plugin Slug: content-protector | Installations: 10,000+ | Vulnerability: Broken Access Control | Patched in Version: 4.2.6.3 | Severity Score: Medium | CVE: 2024-0616
Directorist – WordPress Business Directory Plugin with Classified Ads Listings | Plugin Slug: directorist | Installations: 10,000+ | Vulnerability: Broken Access Control | Patched in Version: 7.8.5 | Severity Score: Medium | CVE: 2024-1322
Link Library | Plugin Slug: link-library | Installations: 10,000+ | Vulnerability: Cross Site Scripting (XSS) | Patched in Version: 7.6 | Severity Score: High | CVE: 2024-24879
Link Library | Plugin Slug: link-library | Installations: 10,000+ | Vulnerability: Cross Site Request Forgery (CSRF) | Patched in Version: 7.6 | Severity Score: Medium | CVE: 2024-24875
NEX-Forms – Ultimate Form Builder – Contact forms and much more | Plugin Slug: nex-forms-express-wp-form-builder | Installations: 10,000+ | Vulnerability: Cross Site Scripting (XSS) | Patched in Version: 8.5.6 | Severity Score: Medium | CVE: 2024-25593
Smart Manager – WooCommerce Bulk Edit Products, Orders, Coupons, Any WordPress Post Type (Advanced) | Plugin Slug: smart-manager-for-wp-e-commerce | Installations: 10,000+ | Vulnerability: SQL Injection | Patched in Version: 8.28.0 | Severity Score: High | CVE: 2024-0566
Wonder Slider Lite | Plugin Slug: wonderplugin-slider-lite | Installations: 10,000+ | Vulnerability: Cross Site Scripting (XSS) | Patched in Version: 14.0 | Severity Score: High | CVE: 2024-24877
Woocommerce Vietnam Checkout | Plugin Slug: woo-vietnam-checkout | Installations: 10,000+ | Vulnerability: Cross Site Scripting (XSS) | Patched in Version: 2.0.8 | Severity Score: Medium | CVE: 2024-24885
Event Manager, Events Calendar, Events Tickets for WooCommerce – Eventin | Plugin Slug: wp-event-solution | Installations: 10,000+ | Vulnerability: Broken Access Control | Patched in Version: 3.3.51 | Severity Score: Medium | CVE: 2024-1122
Product Labels For Woocommerce (Sale Badges) | Plugin Slug: aco-product-labels-for-woocommerce | Installations: 9,000+ | Vulnerability: Cross Site Scripting (XSS) | Patched in Version: 1.5.4 | Severity Score: Medium | CVE: 2024-24886
Analytics Insights – Google Analytics Dashboard for WordPress | Plugin Slug: analytics-insights | Installations: 9,000+ | Vulnerability: Open Redirection | Patched in Version: 6.3 | Severity Score: Medium | CVE: 2024-0250
WP SMS – Messaging & SMS Notification for WordPress, WooCommerce, GravityForms, etc | Plugin Slug: wp-sms | Installations: 9,000+ | Vulnerability: Cross Site Scripting (XSS) | Patched in Version: 6.5.3 | Severity Score: High | CVE: 2024-24881
Themify Builder | Plugin Slug: themify-builder | Installations: 7,000+ | Vulnerability: Cross Site Request Forgery (CSRF) | Patched in Version: 7.0.6 | Severity Score: Medium | CVE: 2024-24872
Podlove Podcast Publisher | Plugin Slug: podlove-podcasting-plugin-for-wordpress | Installations: 6,000+ | Vulnerability: Broken Access Control | Patched in Version: 4.0.12 | Severity Score: Medium | CVE: 2024-1109
Podlove Podcast Publisher | Plugin Slug: podlove-podcasting-plugin-for-wordpress | Installations: 6,000+ | Vulnerability: Broken Access Control | Patched in Version: 4.0.12 | Severity Score: Medium | CVE: 2024-1110
Contact Form 7 Connector | Plugin Slug: ari-cf7-connector | Installations: 5,000+ | Vulnerability: Cross Site Request Forgery (CSRF) | Patched in Version: 1.2.3 | Severity Score: Medium | CVE: 2024-24884
Advanced Forms for ACF | Plugin Slug: advanced-forms | Installations: 3,000+ | Vulnerability: Broken Access Control | Patched in Version: 1.9.3.3 | Severity Score: Medium | CVE: 2024-1121
Paytium: Mollie payment forms & donations | Plugin Slug: paytium | Installations: 3,000+ | Vulnerability: Cross Site Scripting (XSS) | Patched in Version: 4.4.3 | Severity Score: Medium | CVE: 2024-25099
Podlove Subscribe button | Plugin Slug: podlove-subscribe-button | Installations: 3,000+ | Vulnerability: SQL Injection | Patched in Version: 1.3.11 | Severity Score: High | CVE: 2024-1118
SKT Page Builder | Plugin Slug: skt-builder | Installations: 3,000+ | Vulnerability: Broken Access Control | Patched in Version: 4.2 | Severity Score: Medium | CVE: 2024-1337
Doofinder WP & WooCommerce Search | Plugin Slug: doofinder-for-woocommerce | Installations: 2,000+ | Vulnerability: Cross Site Scripting (XSS) | Patched in Version: 2.1.9 | Severity Score: Medium | CVE: 2024-25596
EazyDocs – Most Powerful Knowledge base, wiki, Documentation Builder Plugin (easy docs, knowledgebase) | Plugin Slug: eazydocs | Installations: 2,000+ | Vulnerability: Broken Access Control | Patched in Version: 2.4.0 | Severity Score: Medium | CVE: 2024-0248
ImageRecycle pdf & image compression | Plugin Slug: imagerecycle-pdf-image-compression | Installations: 2,000+ | Vulnerability: Broken Access Control | Patched in Version: 3.1.14 | Severity Score: Medium | CVE: 2024-1089
ImageRecycle pdf & image compression | Plugin Slug: imagerecycle-pdf-image-compression | Installations: 2,000+ | Vulnerability: Cross Site Request Forgery (CSRF) | Patched in Version: 3.1.14 | Severity Score: Medium | CVE: 2024-1339
ImageRecycle pdf & image compression | Plugin Slug: imagerecycle-pdf-image-compression | Installations: 2,000+ | Vulnerability: Broken Access Control | Patched in Version: 3.1.14 | Severity Score: Medium | CVE: 2024-1091
ImageRecycle pdf & image compression | Plugin Slug: imagerecycle-pdf-image-compression | Installations: 2,000+ | Vulnerability: Cross Site Request Forgery (CSRF) | Patched in Version: 3.1.14 | Severity Score: Medium | CVE: 2024-1338
ImageRecycle pdf & image compression | Plugin Slug: imagerecycle-pdf-image-compression | Installations: 2,000+ | Vulnerability: Broken Access Control | Patched in Version: 3.1.14 | Severity Score: Medium | CVE: 2024-1090
ImageRecycle pdf & image compression | Plugin Slug: imagerecycle-pdf-image-compression | Installations: 2,000+ | Vulnerability: Cross Site Request Forgery (CSRF) | Patched in Version: 3.1.14 | Severity Score: Medium | CVE: 2024-1336
ImageRecycle pdf & image compression | Plugin Slug: imagerecycle-pdf-image-compression | Installations: 2,000+ | Vulnerability: Broken Access Control | Patched in Version: 3.1.14 | Severity Score: Medium | CVE: 2024-0984
ImageRecycle pdf & image compression | Plugin Slug: imagerecycle-pdf-image-compression | Installations: 2,000+ | Vulnerability: Cross Site Request Forgery (CSRF) | Patched in Version: 3.1.14 | Severity Score: Medium | CVE: 2024-1335
ImageRecycle pdf & image compression | Plugin Slug: imagerecycle-pdf-image-compression | Installations: 2,000+ | Vulnerability: Cross Site Request Forgery (CSRF) | Patched in Version: 3.1.14 | Severity Score: Medium | CVE: 2024-1334
ImageRecycle pdf & image compression | Plugin Slug: imagerecycle-pdf-image-compression | Installations: 2,000+ | Vulnerability: Broken Access Control | Patched in Version: 3.1.14 | Severity Score: Medium | CVE: 2024-0983
Simple Page Access Restriction | Plugin Slug: simple-page-access-restriction | Installations: 2,000+ | Vulnerability: Sensitive Data Exposure | Patched in Version: 1.0.23 | Severity Score: Medium | CVE: 2024-0965
Anonymous Restricted Content | Plugin Slug: anonymous-restricted-content | Installations: 1,000+ | Vulnerability: Bypass Vulnerability | Patched in Version: 1.6.3 | Severity Score: Medium | CVE: 2024-0909
Photos and Files Contest Gallery – Contact Form, Upload Form, Social Share and Voting Plugin for WordPress | Plugin Slug: contest-gallery | Installations: 1,000+ | Vulnerability: Cross Site Request Forgery (CSRF) | Patched in Version: 21.2.9 | Severity Score: Medium | CVE: 2024-24887
Polls CP | Plugin Slug: cp-polls | Installations: 1,000+ | Vulnerability: Content Injection | Patched in Version: 1.0.72 | Severity Score: Medium | CVE: 2024-24874
Polls CP | Plugin Slug: cp-polls | Installations: 1,000+ | Vulnerability: Bypass Vulnerability | Patched in Version: 1.0.72 | Severity Score: Medium | CVE: 2024-24873
GD Rating System | Plugin Slug: gd-rating-system | Installations: 1,000+ | Vulnerability: Cross Site Scripting (XSS) | Patched in Version: 3.5.1 | Severity Score: High | CVE: 2024-25093
Frontend File Manager Plugin | Plugin Slug: nmedia-user-file-uploader | Installations: 1,000+ | Vulnerability: Sensitive Data Exposure | Patched in Version: 22.8 | Severity Score: Medium | CVE: 2024-25903
TNC PDF viewer | Plugin Slug: pdf-viewer-by-themencode | Installations: 1,000+ | Vulnerability: Cross Site Scripting (XSS) | Patched in Version: 2.9.0 | Severity Score: Medium | CVE: 2024-25097
Sunshine Photo Cart: Free Client Galleries for Photographers | Plugin Slug: sunshine-photo-cart | Installations: 1,000+ | Vulnerability: Sensitive Data Exposure | Patched in Version: 3.1 | Severity Score: Medium | CVE: 2024-1294
WP Club Manager – WordPress Sports Club Plugin | Plugin Slug: wp-club-manager | Installations: 1,000+ | Vulnerability: Broken Access Control | Patched in Version: 2.2.11 | Severity Score: Medium | CVE: 2024-1177
Ultimate Reviews | Plugin Slug: ultimate-reviews | Installations: 900+ | Vulnerability: Cross Site Scripting (XSS) | Patched in Version: 3.2.9 | Severity Score: High | CVE: 2024-25597
Portugal CTT Tracking for WooCommerce | Plugin Slug: portugal-ctt-tracking-woocommerce | Installations: 700+ | Vulnerability: Cross Site Scripting (XSS) | Patched in Version: 2.2 | Severity Score: High | CVE: 2024-24878
Web3 – Crypto wallet Login & NFT token gating | Plugin Slug: web3-authentication | Installations: 200+ | Vulnerability: Broken Authentication | Patched in Version: 3.0.0 | Severity Score: Critical | CVE: 2023-6036
LearnDash LMS | Plugin Slug: sfwd-lms | Vulnerability: Sensitive Data Exposure | Patched in Version: 4.10.3 | Severity Score: Medium | CVE: 2024-1208
LearnDash LMS | Plugin Slug: sfwd-lms | Vulnerability: Sensitive Data Exposure | Patched in Version: 4.10.2 | Severity Score: Medium | CVE: 2024-1210
LearnDash LMS | Plugin Slug: sfwd-lms | Vulnerability: Sensitive Data Exposure | Patched in Version: 4.10.2 | Severity Score: Medium | CVE: 2024-1209
WP Media folder | Plugin Slug: wp-media-folder | Vulnerability: Arbitrary File Upload | Patched in Version: 5.7.3 | Severity Score: Critical | CVE: 2024-25909
WP Media folder | Plugin Slug: wp-media-folder | Vulnerability: Settings Change | Patched in Version: 5.7.3 | Severity Score: Medium | CVE: 2024-25908
WP Media folder | Plugin Slug: wp-media-folder | Vulnerability: Settings Change | Patched in Version: 5.7.3 | Severity Score: Medium | CVE: 2024-25907

WordPress Themes — 1 Patched / 2 Unpatched

Brooklyn | Theme Slug: brooklyn | Vulnerability: Cross Site Scripting (XSS) | Patched in Version: No Fix | Severity Score: High | CVE: 2024-24927
Brooklyn | Theme Slug: brooklyn | Vulnerability: PHP Object Injection | Patched in Version: No Fix | Severity Score: High | CVE: 2024-24926
Blocksy | Theme Slug: blocksy | Downloads: 2,812,211 | Vulnerability: Cross Site Scripting (XSS) | Patched in Version: 2.0.20 | Severity Score: Medium | CVE: 2024-24871
