Wordfence Intelligence Weekly WordPress Vulnerability Report (September 30, 2024 to October 6, 2024)
🦸 👻 Calling all superheroes and haunters! Introducing the Cybersecurity Month Spooktacular Haunt and the WordPress Superhero Challenge for the Wordfence Bug Bounty Program! Through November 11th, 2024:
- All in-scope vulnerability types for WordPress plugins/themes with >= 1,000 active installations are in-scope for ALL researchers
- Top-tier researchers earn automatic bonuses of between 10% to 120% for valid submissions
- Pending report limits are increased for all
- It’s possible to earn up to $31,200 for high impact vulnerabilities!
Last week, there were 161 vulnerabilities disclosed in 147 WordPress Plugins and 5 WordPress Themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 46 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilities in this report now to ensure your site is not affected.
Our mission with Wordfence Intelligence is to make valuable vulnerability information easily accessible to everyone, like the WordPress community, so individuals and organizations alike can utilize that data to make the internet more secure. That is why the Wordfence Intelligence user interface, vulnerability API, webhook integration, and Wordfence CLI Vulnerability Scanner are all completely free to access and utilize both personally and commercially, and why we are running this weekly vulnerability report.
Enterprises, Hosting Providers, and even Individuals can use the Wordfence CLI Vulnerability Scanner to run regular vulnerability scans across the sites they protect. Or alternatively, utilize the vulnerability Database API to receive a complete dump of our database of over 19,000 vulnerabilities and then utilize the webhook integration to stay on top of the newest vulnerabilities added in real-time, as well as any updates made to the database, all for free.
Click here to sign-up for our mailing list to receive weekly vulnerability reports like this and important WordPress Security reports in your inbox the moment they are published.
Total Unpatched & Patched Vulnerabilities Last Week
| Patch Status | Number of Vulnerabilities |
|---|---|
| Patched | 122 |
| Unpatched | 39 |
Total Vulnerabilities by CVSS Severity Last Week
| Severity Rating | Number of Vulnerabilities |
|---|---|
| Medium Severity | 141 |
| High Severity | 15 |
| Critical Severity | 5 |
Total Vulnerabilities by CWE Type Last Week
| Vulnerability Type by CWE | Number of Vulnerabilities |
|---|---|
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | 121 |
| Missing Authorization | 9 |
| Deserialization of Untrusted Data | 5 |
| Cross-Site Request Forgery (CSRF) | 4 |
| Unrestricted Upload of File with Dangerous Type | 4 |
| URL Redirection to Untrusted Site ('Open Redirect') | 4 |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') | 3 |
| Authentication Bypass Using an Alternate Path or Channel | 2 |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') | 2 |
| Improper Control of Generation of Code ('Code Injection') | 2 |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') | 2 |
| Improper Neutralization of Alternate XSS Syntax | 1 |
| Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) | 1 |
| Improper Privilege Management | 1 |
Researchers That Contributed to WordPress Security Last Week
| Researcher Name | Number of Vulnerabilities |
|---|---|
| 22 | |
| 21 | |
| 12 | |
| 8 | |
| 6 | |
| 6 | |
| 5 | |
| 5 | |
| 4 | |
| 4 | |
| 4 | |
| 4 | |
| 4 | |
| 3 | |
| 3 | |
| 3 | |
| 3 | |
| 3 | |
| 3 | |
| 3 | |
| 2 | |
| 2 | |
| 2 | |
| 2 | |
| 2 | |
| 2 | |
| 2 | |
| 2 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 |
Are you a security researcher who would like to be featured in our weekly vulnerability report? You can responsibly disclose your WordPress vulnerability discoveries to us and earn a bounty on in-scope vulnerabilities through our Bug Bounty Program. Responsibly disclosing your vulnerability discoveries to us will also get your name added on the Wordfence Intelligence leaderboard along with being mentioned in our weekly vulnerability report.
WordPress Plugins with Reported Vulnerabilities Last Week
| Software Name | Software Slug |
|---|---|
| 123.chat - Video Chat | 123-chat-videochat |
| Advanced Woo Labels – Product Labels for WooCommerce | advanced-woo-labels |
| Affiliate Program Suite — SliceWP Affiliates | slicewp |
| Aggregator Advanced Settings | aggregator-advanced-settings |
| Author Avatars List/Block | author-avatars |
| Auto Amazon Links – Amazon Associates Affiliate Plugin | amazon-auto-links |
| Auto Featured Image from Title | auto-featured-image-from-title |
| Automatically Hierarchic Categories in Menu | automatically-hierarchic-categories-in-menu |
| AVIF Uploader | avif-support |
| BA Book Everything | ba-book-everything |
| BerqWP – Automated All-In-One PageSpeed Optimization for Core Web Vitals, Cache, CDN, Images, CSS, and JavaScript | searchpro |
| Bit File Manager – 100% Free & Open Source File Manager and Code Editor for WordPress | file-manager |
| Blockspare: Gutenberg Blocks & Patterns for Blogs, Magazines, Business Sites – Post Grids, Sliders, Carousels, Counters, Page Builder & Starter Site Imports, No Coding Needed | blockspare |
| Bold Page Builder | bold-page-builder |
| Broken Link Checker | broken-link-checker |
| BSK Forms Blacklist | bsk-gravityforms-blacklist |
| CartBounty – Save and recover abandoned carts for WooCommerce | woo-save-abandoned-carts |
| Checkout Field Editor (Checkout Manager) for WooCommerce | woo-checkout-field-editor-pro |
| Clio Grow | clio-grow-form |
| Code Embed | simple-embed-code |
| Confetti Fall Animation | confetti-fall-animation |
| Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder | fluentform |
| Copyscape Premium | copyscape-premium |
| Cozy Blocks – Page Builder for Gutenberg & Site Editor, Post Blocks, WooCommerce Blocks, Magazine Blocks, WordPress Gutenberg Blocks, Patterns and Templates Library | cozy-addons |
| Custom Banners | custom-banners |
| Demo Importer Plus | demo-importer-plus |
| DethemeKit For Elementor | dethemekit-for-elementor |
| Display Medium Posts | display-medium-posts |
| DK PDF | dk-pdf |
| Easy Demo Importer – A Modern One-Click Demo Import Solution | easy-demo-importer |
| Easy Load More | easy-load-more |
| Easy WordPress Subscribe – Optin Hound | opt-in-hound |
| Echo RSS Feed Post Generator | rss-feed-post-generator-echo |
| Elastik Page Builder | elastik-page-builder |
| Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) | bdthemes-element-pack-lite |
| ElementInvader Addons for Elementor | elementinvader-addons-for-elementor |
| Elementor Addon Elements | addon-elements-for-elementor-page-builder |
| ElementsReady Addons for Elementor | element-ready-lite |
| Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce | email-subscribers |
| Enter Addons – Ultimate Template Builder for Elementor | enteraddons |
| Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates | essential-blocks |
| EventPrime – Events Calendar, Bookings and Tickets | eventprime-event-calendar-management |
| FAQ / Accordion / Docs – Helpie WordPress FAQ Accordion plugin | helpie-faq |
| Fish and Ships – Most flexible shipping table rate. A WooCommerce shipping rate | fish-and-ships |
| Form plugin for WordPress – Zoho Forms | zoho-forms |
| Free Responsive Testimonials, Social Proof Reviews, and Customer Reviews – Stars Testimonials | stars-testimonials-with-slider-and-masonry-grid |
| Gallery Lightbox | gallery-lightbox-slider |
| Geo Mashup | geo-mashup |
| Gravity Forms Toolbar | gravity-forms-toolbar |
| Guten Post Layout – An Advanced Post Grid Collection for WordPress Gutenberg | guten-post-layout |
| Happy Addons for Elementor | happy-elementor-addons |
| Hash Form – Drag & Drop Form Builder | hash-form |
| Hello World | hello-world |
| Ibtana – WordPress Website Builder | ibtana-visual-editor |
| Iconize | iconize |
| Include Fussball.de Widgets | include-fussball-de-widgets |
| Jeg Elementor Kit | jeg-elementor-kit |
| JobSearch WP Job Board | wp-jobsearch |
| KB Support – WordPress Help Desk and Knowledge Base | kb-support |
| Keap Official Opt-in Forms | infusionsoft-official-opt-in-forms |
| LA-Studio Element Kit for Elementor | lastudio-element-kit |
| LH Copy Media File | lh-copy-media-file |
| LiteSpeed Cache | litespeed-cache |
| LocateAndFilter | locateandfilter |
| Loggedin – Limit Active Logins | loggedin |
| Login Logout Shortcode | login-logout-shortcode |
| Logo Carousel – Clients logo carousel for WP | responsive-client-logo-carousel-slider |
| Magazine Blocks – Blog Designer, Magazine & Newspaper Website Builder, Page Builder with Posts Blocks, Post Grid | magazine-blocks |
| MaxSlider | maxslider |
| MC4WP: Mailchimp Top Bar | mailchimp-top-bar |
| Memberful – Membership Plugin | memberful-wp |
| Move Addons for Elementor | move-addons |
| NEX-Forms – Ultimate Form Builder – Contact forms and much more | nex-forms-express-wp-form-builder |
| Online Booking & Scheduling Calendar for WordPress by vcita | meeting-scheduler-by-vcita |
| Page-list | page-list |
| Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction | paid-member-subscriptions |
| Payflex Payment Gateway | payflex-payment-gateway |
| PDF Image Generator | pdf-image-generator |
| Popularis Extra | popularis-extra |
| Popup Maker – Boost Sales, Conversions, Optins, Subscribers with the Ultimate WP Popups Builder | popup-maker |
| Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions (UGC) | buddyforms |
| Premium Blocks – Gutenberg Blocks for WordPress | premium-blocks-for-gutenberg |
| Product Delivery Date for WooCommerce – Lite | product-delivery-date-for-woocommerce-lite |
| PWA — easy way to Progressive Web App | iworks-pwa |
| QS Dark Mode Plugin | qs-dark-mode |
| Quantity Dynamic Pricing & Bulk Discounts for WooCommerce | wholesale-pricing-woocommerce |
| Quill Forms | The Best Typeform Alternative | Create Conversational Multi Step Form, Survey, Quiz, Cost Estimation or Donation Form on WordPress | quillforms |
| R Animated Icon Plugin | r-animated-icon |
| RabbitLoader – Website Speed Optimization for improving Core Web Vital metrics with Cache, Image Optimization, and more | rabbit-loader |
| Rank Math SEO – AI SEO Tools to Dominate SEO Rankings | seo-by-rank-math |
| Re:WP | rewp |
| Relogo | relogo |
| Robokassa payment gateway for Woocommerce | robokassa |
| RomethemeKit For Elementor | rometheme-for-elementor |
| RumbleTalk Live Group Chat – HTML5 | rumbletalk-chat-a-chat-with-themes |
| Search Analytics for WP | search-analytics |
| Search Atlas SEO – Best SEO Plugin for One-Click WP Publishing & Integrated AI Optimization | metasync |
| SEOPress – On-site SEO | wp-seopress |
| ShiftController Employee Shift Scheduling | shiftcontroller |
| Shortcodes and extra features for Phlox theme | auxin-elements |
| Simple Membership After Login Redirection | simple-membership-after-login-redirection |
| Slider & Popup Builder by Depicter – Add Image Slider, Carousel Slider, Exit Intent Popup, Popup Modal, Coupon Popup, Post Slider Carousel | depicter |
| Slider Revolution | revslider |
| Slideshow Gallery LITE | slideshow-gallery |
| Smart Custom 404 Error Page | 404page |
| Social Auto Poster | social-auto-poster |
| Social Web Suite – Social Media Auto Post, Social Media Auto Publish | social-web-suite |
| Soumettre.fr | soumettre-fr |
| Spice Starter Sites | spice-starter-sites |
| Store Exporter for WooCommerce – Export Products, Export Orders, Export Subscriptions, and More | woocommerce-exporter |
| Strong Testimonials | strong-testimonials |
| SVG Complete | svg-complete |
| The Pack Elementor addons (Header Footer & WooCommerce Builder, Template Library) | the-pack-addon |
| The Ultimate WordPress Toolkit – WP Extended | wpextended |
| Themify Builder | themify-builder |
| TinyPNG – JPEG, PNG & WebP image compression | tiny-compress-images |
| TNC PDF viewer | pdf-viewer-by-themencode |
| Top Bar – PopUps – by WPOptin | wpoptin |
| Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin | ultimate-member |
| Ultimate Store Kit Elementor Addons, Woocommerce Builder, EDD Builder, Elementor Store Builder, Product Grid, Product Table, Woocommerce Slider | ultimate-store-kit |
| Unlimited Elements For Elementor (Free Widgets, Addons, Templates) | unlimited-elements-for-elementor |
| VdoCipher: Secure Video Player and Hosting | vdocipher |
| Visual CSS Style Editor | yellow-pencil-visual-theme-customizer |
| Web Directory Free | web-directory-free |
| Wechat Social login 微信QQ钉钉登录插件 | wechat-social-login |
| WordPress & WooCommerce Affiliate Program | wp-wc-affiliate-program |
| WordPress Captcha Plugin by Captcha Bank | captcha-bank |
| WordPress Infinite Scroll – Ajax Load More | ajax-load-more |
| WP Blocks Hub | wp-blocks-hub |
| WP Booking Calendar | booking |
| WP Bulk Delete | wp-bulk-delete |
| WP Cleanup and Basic Functions | wp-cleanup-and-basic-functions |
| WP Compress – Instant Performance & Speed Optimization | wp-compress-image-optimizer |
| WP Easy Gallery – WordPress Gallery Plugin | wp-easy-gallery |
| WP Hotel Booking | wp-hotel-booking |
| WP MyLinks | wp-mylinks |
| WP Travel Gutenberg Blocks | wp-travel-blocks |
| WP-Lister Lite for eBay | wp-lister-for-ebay |
| WP-WebAuthn | wp-webauthn |
| WPCOM Member | wpcom-member |
| WPMobile.App — Android and iOS Mobile Application | wpappninja |
| XLTab – Accordions and Tabs for Elementor Page Builder | xl-tab |
| XO Slider | xo-liteslider |
| YITH WooCommerce Ajax Search | yith-woocommerce-ajax-search |
| YITH WooCommerce Product Add-Ons | yith-woocommerce-product-add-ons |
| YML for Yandex Market | yml-for-yandex-market |
| Zotpress | zotpress |
WordPress Themes with Reported Vulnerabilities Last Week
| Software Name | Software Slug |
|---|---|
| Create | create |
| Empowerment | empowerment |
| Full Frame | full-frame |
| UltraPress | ultrapress |
| Unseen Blog | unseen-blog |
Vulnerability Details
Please note that if you run the Wordfence plugin on your WordPress site, with the scanner enabled, you should’ve already been notified if your site was affected by any of these vulnerabilities. If you’d like to receive real-time notifications whenever a vulnerability is added to the Wordfence Intelligence Vulnerability Database, check out our Slack and HTTP Webhook Integration, which is completely free to utilize.
CVE-ID
CVE-2024-9265
CVE-2024-9265
Patch Status
Patched
Patched
Published
Sep 30, 2024
Sep 30, 2024
Affected Software
Echo RSS Feed Post Generator
Echo RSS Feed Post Generator
Researcher
CVE-ID
CVE-2024-47636
CVE-2024-47636
Patch Status
Patched
Patched
Published
Sep 30, 2024
Sep 30, 2024
Affected Software
JobSearch WP Job Board
JobSearch WP Job Board
Researcher
CVE-ID
CVE-2024-9106
CVE-2024-9106
Patch Status
Unpatched
Unpatched
Published
Sep 30, 2024
Sep 30, 2024
Affected Software
Wechat Social login 微信QQ钉钉登录插件
Wechat Social login 微信QQ钉钉登录插件
Researcher
CVE-ID
CVE-2024-9108
CVE-2024-9108
Patch Status
Unpatched
Unpatched
Published
Sep 30, 2024
Sep 30, 2024
Affected Software
Wechat Social login 微信QQ钉钉登录插件
Wechat Social login 微信QQ钉钉登录插件
Researcher
CVE-ID
CVE-2024-9289
CVE-2024-9289
Patch Status
Patched
Patched
Published
Sep 30, 2024
Sep 30, 2024
Affected Software
WordPress & WooCommerce Affiliate Program
WordPress & WooCommerce Affiliate Program
Researcher
CVE-ID
CVE-2024-7433
CVE-2024-7433
Patch Status
Unpatched
Unpatched
Published
Sep 30, 2024
Sep 30, 2024
Affected Software
Empowerment
Empowerment
Researcher
CVE-ID
CVE-2024-47351
CVE-2024-47351
Patch Status
Patched
Patched
Published
Sep 30, 2024
Sep 30, 2024
Affected Software
MaxSlider
MaxSlider
Researcher
CVE-ID
CVE-2024-7434
CVE-2024-7434
Patch Status
Unpatched
Unpatched
Published
Sep 30, 2024
Sep 30, 2024
Affected Software
UltraPress
UltraPress
Researcher
CVE-ID
CVE-2024-7432
CVE-2024-7432
Patch Status
Unpatched
Unpatched
Published
Sep 30, 2024
Sep 30, 2024
Affected Software
Unseen Blog
Unseen Blog
Researcher
CVE-ID
CVE-2024-9018
CVE-2024-9018
Patch Status
Unpatched
Unpatched
Published
Sep 30, 2024
Sep 30, 2024
Affected Software
WP Easy Gallery – WordPress Gallery Plugin
WP Easy Gallery – WordPress Gallery Plugin
Researcher
CVE-ID
CVE-2024-7855
CVE-2024-7855
Patch Status
Patched
Patched
Published
Oct 1, 2024
Oct 1, 2024
Affected Software
WP Hotel Booking
WP Hotel Booking
Researcher
CVE-ID
CVE-2024-8548
CVE-2024-8548
Patch Status
Unpatched
Unpatched
Published
Sep 30, 2024
Sep 30, 2024
Affected Software
KB Support – WordPress Help Desk and Knowledge Base
KB Support – WordPress Help Desk and Knowledge Base
Researcher
CVE-ID
CVE-2024-47645
CVE-2024-47645
Patch Status
Patched
Patched
Published
Sep 30, 2024
Sep 30, 2024
Affected Software
Top Bar – PopUps – by WPOptin
Top Bar – PopUps – by WPOptin
Researcher
CVE-ID
CVE-2024-8352
CVE-2024-8352
Patch Status
Patched
Patched
Published
Oct 2, 2024
Oct 2, 2024
Affected Software
Social Web Suite – Social Media Auto Post, Social Media Auto Publish
Social Web Suite – Social Media Auto Post, Social Media Auto Publish
Researcher
CVE-ID
CVE-2024-47350
CVE-2024-47350
Patch Status
Patched
Patched
Published
Sep 30, 2024
Sep 30, 2024
Affected Software
YITH WooCommerce Ajax Search
YITH WooCommerce Ajax Search
Researcher
CVE-ID
CVE-2024-7869
CVE-2024-7869
Patch Status
Unpatched
Unpatched
Published
Sep 30, 2024
Sep 30, 2024
Affected Software
123.chat - Video Chat
123.chat - Video Chat
Researcher
CVE-ID
CVE-2024-47374
CVE-2024-47374
Patch Status
Patched
Patched
Published
Sep 30, 2024
Sep 30, 2024
Affected Software
LiteSpeed Cache
LiteSpeed Cache
Researcher
CVE-ID
CVE-2024-9314
CVE-2024-9314
Patch Status
Patched
Patched
Published
Oct 4, 2024
Oct 4, 2024
Affected Software
Rank Math SEO – AI SEO Tools to Dominate SEO Rankings
Rank Math SEO – AI SEO Tools to Dominate SEO Rankings
Researcher
CVE-ID
CVE-2024-8981
CVE-2024-8981
Patch Status
Patched
Patched
Published
Sep 30, 2024
Sep 30, 2024
Affected Software
Broken Link Checker
Broken Link Checker
Researcher
CVE-ID
CVE-2024-8743
CVE-2024-8743
Patch Status
Patched
Patched
Published
Oct 4, 2024
Oct 4, 2024
Affected Software
Bit File Manager – 100% Free & Open Source File Manager and Code Editor for WordPress
Bit File Manager – 100% Free & Open Source File Manager and Code Editor for WordPress
Researcher
CVE-ID
CVE-2024-9224
CVE-2024-9224
Patch Status
Patched
Patched
Published
Sep 30, 2024
Sep 30, 2024
Affected Software
Hello World
Hello World
Researcher
CVE-ID
CVE-2024-8632
CVE-2024-8632
Patch Status
Unpatched
Unpatched
Published
Sep 30, 2024
Sep 30, 2024
Affected Software
KB Support – WordPress Help Desk and Knowledge Base
KB Support – WordPress Help Desk and Knowledge Base
Researcher
CVE-ID
CVE-2024-9161
CVE-2024-9161
Patch Status
Patched
Patched
Published
Oct 4, 2024
Oct 4, 2024
Affected Software
Rank Math SEO – AI SEO Tools to Dominate SEO Rankings
Rank Math SEO – AI SEO Tools to Dominate SEO Rankings
Researcher
CVE-ID
CVE-2024-47622
CVE-2024-47622
Patch Status
Patched
Patched
Published
Sep 30, 2024
Sep 30, 2024
Affected Software
Advanced Woo Labels – Product Labels for WooCommerce
Advanced Woo Labels – Product Labels for WooCommerce
Researcher
CVE-ID
CVE-2024-9368
CVE-2024-9368
Patch Status
Unpatched
Unpatched
Published
Oct 3, 2024
Oct 3, 2024
Affected Software
Aggregator Advanced Settings
Aggregator Advanced Settings
Researcher
CVE-ID
CVE-2024-47370
CVE-2024-47370
Patch Status
Patched
Patched
Published
Sep 30, 2024
Sep 30, 2024
Affected Software
Author Avatars List/Block
Author Avatars List/Block
Researcher
CVE-ID
CVE-2024-9060
CVE-2024-9060
Patch Status
Patched
Patched
Published
Sep 30, 2024
Sep 30, 2024
Affected Software
AVIF Uploader
AVIF Uploader
Researcher
CVE-ID
CVE-2024-47363
CVE-2024-47363
Patch Status
Patched
Patched
Published
Sep 30, 2024
Sep 30, 2024
CVE-ID
CVE-2024-47391
CVE-2024-47391
Patch Status
Patched
Patched
Published
Sep 30, 2024
Sep 30, 2024
Affected Software
Bold Page Builder
Bold Page Builder
Researcher
CVE-ID
CVE-2024-8804
CVE-2024-8804
Patch Status
Patched
Patched
Published
Oct 3, 2024
Oct 3, 2024
Affected Software
Code Embed
Code Embed
Researcher
CVE-ID
CVE-2024-47641
CVE-2024-47641
Patch Status
Unpatched
Unpatched
Published
Sep 30, 2024
Sep 30, 2024
Affected Software
Confetti Fall Animation
Confetti Fall Animation
Researcher
CVE-ID
CVE-2024-47355
CVE-2024-47355
Patch Status
Patched
Patched
Published
Sep 30, 2024
Sep 30, 2024
CVE-ID
CVE-2024-9172
CVE-2024-9172
Patch Status
Patched
Patched
Published
Oct 1, 2024
Oct 1, 2024
Affected Software
Demo Importer Plus
Demo Importer Plus
Researcher
CVE-ID
CVE-2024-47632
CVE-2024-47632
Patch Status
Patched
Patched
Published
Sep 30, 2024
Sep 30, 2024
Affected Software
DethemeKit For Elementor
DethemeKit For Elementor
Researcher
CVE-ID
CVE-2024-9445
CVE-2024-9445
Patch Status
Unpatched
Unpatched
Published
Oct 3, 2024
Oct 3, 2024
Affected Software
Display Medium Posts
Display Medium Posts
Researcher
CVE-ID
CVE-2024-9071
CVE-2024-9071
Patch Status
Patched
Patched
Published
Oct 3, 2024
Oct 3, 2024
Affected Software
Easy Demo Importer – A Modern One-Click Demo Import Solution
Easy Demo Importer – A Modern One-Click Demo Import Solution
Researcher
CVE-ID
CVE-2024-9274
CVE-2024-9274
Patch Status
Unpatched
Unpatched
Published
Sep 30, 2024
Sep 30, 2024
Affected Software
Elastik Page Builder
Elastik Page Builder
Researcher
Element Pack Elementor Addons <= 5.7.5 - Authenticated (Contributor+) Stored Cross-Site Scripting
6.4
CVE-ID
CVE-2024-47392
CVE-2024-47392
Patch Status
Patched
Patched
Published
Sep 30, 2024
Sep 30, 2024
Affected Software
Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows)
Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows)
Researcher
CVE-ID
CVE-2024-47630
CVE-2024-47630
Patch Status
Patched
Patched
Published
Sep 30, 2024
Sep 30, 2024
Affected Software
ElementInvader Addons for Elementor
ElementInvader Addons for Elementor
Researcher
CVE-ID
CVE-2024-47366
CVE-2024-47366
Patch Status
Patched
Patched
Published
Sep 30, 2024
Sep 30, 2024
Affected Software
Elementor Addon Elements
Elementor Addon Elements
Researcher
CVE-ID
CVE-2024-47625
CVE-2024-47625
Patch Status
Patched
Patched
Published
Sep 30, 2024
Sep 30, 2024
Affected Software
Enter Addons – Ultimate Template Builder for Elementor
Enter Addons – Ultimate Template Builder for Elementor
Researcher
Essential Blocks for Gutenberg <= 4.8.4 - Authenticated (Contributor+) Stored Cross-Site Scripting
6.4
CVE-ID
CVE-2024-47385
CVE-2024-47385
Patch Status
Patched
Patched
Published
Sep 30, 2024
Sep 30, 2024
Affected Software
Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates
Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates
Researcher
CVE-ID
CVE-2024-44010
CVE-2024-44010
Patch Status
Patched
Patched
Published
Sep 30, 2024
Sep 30, 2024
Affected Software
Full Frame
Full Frame
Researcher
CVE-ID
CVE-2024-47623
CVE-2024-47623
Patch Status
Patched
Patched
Published
Sep 30, 2024
Sep 30, 2024
Affected Software
Gallery Lightbox
Gallery Lightbox
Researcher
CVE-ID
CVE-2024-8990
CVE-2024-8990
Patch Status
Patched
Patched
Published
Sep 30, 2024
Sep 30, 2024
Affected Software
Geo Mashup
Geo Mashup
Researcher
CVE-ID
CVE-2024-8288
CVE-2024-8288
Patch Status
Unpatched
Unpatched
Published
Sep 30, 2024
Sep 30, 2024
Researcher
CVE-ID
CVE-2024-47357
CVE-2024-47357
Patch Status
Patched
Patched
Published
Sep 30, 2024
Sep 30, 2024
Affected Software
Happy Addons for Elementor
Happy Addons for Elementor
Researcher
CVE-ID
CVE-2024-8282
CVE-2024-8282
Patch Status
Patched
Patched
Published
Oct 1, 2024
Oct 1, 2024
Affected Software
Ibtana – WordPress Website Builder
Ibtana – WordPress Website Builder
Researcher
CVE-ID
CVE-2024-47643
CVE-2024-47643
Patch Status
Unpatched
Unpatched
Published
Sep 30, 2024
Sep 30, 2024
Affected Software
Include Fussball.de Widgets
Include Fussball.de Widgets
Researcher
CVE-ID
CVE-2024-47390
CVE-2024-47390
Patch Status
Patched
Patched
Published
Sep 30, 2024
Sep 30, 2024
Affected Software
Jeg Elementor Kit
Jeg Elementor Kit
Researcher
CVE-ID
CVE-2024-47642
CVE-2024-47642
Patch Status
Unpatched
Unpatched
Published
Sep 30, 2024
Sep 30, 2024
Affected Software
Keap Official Opt-in Forms
Keap Official Opt-in Forms
Researcher
CVE-ID
CVE-2024-47628
CVE-2024-47628
Patch Status
Patched
Patched
Published
Sep 30, 2024
Sep 30, 2024
Affected Software
LA-Studio Element Kit for Elementor
LA-Studio Element Kit for Elementor
Researcher
CVE-ID
CVE-2024-47373
CVE-2024-47373
Patch Status
Patched
Patched
Published
Sep 30, 2024
Sep 30, 2024
Affected Software
LiteSpeed Cache
LiteSpeed Cache
Researcher
LocateAndFilter <= 1.6.14 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload
6.4
CVE-ID
CVE-2024-9304
CVE-2024-9304
Patch Status
Unpatched
Unpatched
Published
Sep 30, 2024
Sep 30, 2024
Affected Software
LocateAndFilter
LocateAndFilter
Researcher
CVE-ID
CVE-2024-9421
CVE-2024-9421
Patch Status
Unpatched
Unpatched
Published
Oct 3, 2024
Oct 3, 2024
Affected Software
Login Logout Shortcode
Login Logout Shortcode
Researcher
CVE-ID
CVE-2024-47631
CVE-2024-47631
Patch Status
Patched
Patched
Published
Sep 30, 2024
Sep 30, 2024
Affected Software
Logo Carousel – Clients logo carousel for WP
Logo Carousel – Clients logo carousel for WP
Researcher
Memberful – Membership Plugin <= 1.73.7 - Authenticated (contributor+) Stored Cross-Site Scripting
6.4
CVE-ID
CVE-2024-9242
CVE-2024-9242
Patch Status
Patched
Patched
Published
Oct 3, 2024
Oct 3, 2024
Affected Software
Memberful – Membership Plugin
Memberful – Membership Plugin
Researcher
CVE-ID
CVE-2024-47364
CVE-2024-47364
Patch Status
Patched
Patched
Published
Sep 30, 2024
Sep 30, 2024
Affected Software
Move Addons for Elementor
Move Addons for Elementor
Researcher
CVE-ID
CVE-2024-47368
CVE-2024-47368
Patch Status
Patched
Patched
Published
Sep 30, 2024
Sep 30, 2024
Affected Software
Premium Blocks – Gutenberg Blocks for WordPress
Premium Blocks – Gutenberg Blocks for WordPress
Researcher
CVE-ID
CVE-2024-8967
CVE-2024-8967
Patch Status
Patched
Patched
Published
Oct 1, 2024
Oct 1, 2024
Affected Software
PWA — easy way to Progressive Web App
PWA — easy way to Progressive Web App
Researcher
QS Dark Mode Plugin <= 2.9 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload
6.4
CVE-ID
CVE-2024-9118
CVE-2024-9118
Patch Status
Patched
Patched
Published
Sep 30, 2024
Sep 30, 2024
Affected Software
QS Dark Mode Plugin
QS Dark Mode Plugin
Researcher
CVE-ID
CVE-2024-47393
CVE-2024-47393
Patch Status
Patched
Patched
Published
Sep 30, 2024
Sep 30, 2024
CVE-ID
CVE-2024-9272
CVE-2024-9272
Patch Status
Unpatched
Unpatched
Published
Sep 30, 2024
Sep 30, 2024
Affected Software
R Animated Icon Plugin
R Animated Icon Plugin
Researcher
CVE-ID
CVE-2024-9271
CVE-2024-9271
Patch Status
Patched
Patched
Published
Oct 3, 2024
Oct 3, 2024
Affected Software
Re:WP
Re:WP
Researcher
CVE-ID
CVE-2024-9269
CVE-2024-9269
Patch Status
Unpatched
Unpatched
Published
Sep 30, 2024
Sep 30, 2024
Affected Software
Relogo
Relogo
Researcher
CVE-ID
CVE-2024-47626
CVE-2024-47626
Patch Status
Patched
Patched
Published
Sep 30, 2024
Sep 30, 2024
Affected Software
RomethemeKit For Elementor
RomethemeKit For Elementor
Researcher
CVE-ID
CVE-2024-8720
CVE-2024-8720
Patch Status
Patched
Patched
Published
Sep 30, 2024
Sep 30, 2024
Affected Software
RumbleTalk Live Group Chat – HTML5
RumbleTalk Live Group Chat – HTML5
Researchers
CVE-ID
CVE-2024-8486
CVE-2024-8486
Patch Status
Patched
Patched
Published
Oct 4, 2024
Oct 4, 2024
Affected Software
Shortcodes and extra features for Phlox theme
Shortcodes and extra features for Phlox theme
Researcher
CVE-ID
CVE-2024-8107
CVE-2024-8107
Patch Status
Patched
Patched
Published
Sep 30, 2024
Sep 30, 2024
Affected Software
Slider Revolution
Slider Revolution
Researcher
CVE-ID
CVE-2024-8989
CVE-2024-8989
Patch Status
Patched
Patched
Published
Sep 30, 2024
Sep 30, 2024
Affected Software
Free Responsive Testimonials, Social Proof Reviews, and Customer Reviews – Stars Testimonials
Free Responsive Testimonials, Social Proof Reviews, and Customer Reviews – Stars Testimonials
Researcher
CVE-ID
CVE-2024-9119
CVE-2024-9119
Patch Status
Unpatched
Unpatched
Published
Sep 30, 2024
Sep 30, 2024
Affected Software
SVG Complete
SVG Complete
Researcher
CVE-ID
CVE-2024-47383
CVE-2024-47383
Patch Status
Patched
Patched
Published
Sep 30, 2024
Sep 30, 2024
Researcher
CVE-ID
CVE-2024-8519
CVE-2024-8519
Patch Status
Patched
Patched
Published
Oct 3, 2024
Oct 3, 2024
CVE-ID
CVE-2024-47629
CVE-2024-47629
Patch Status
Patched
Patched
Published
Sep 30, 2024
Sep 30, 2024
CVE-ID
CVE-2024-47639
CVE-2024-47639
Patch Status
Unpatched
Unpatched
Published
Sep 30, 2024
Sep 30, 2024
Affected Software
VdoCipher: Secure Video Player and Hosting
VdoCipher: Secure Video Player and Hosting
Researcher
CVE-ID
CVE-2024-8505
CVE-2024-8505
Patch Status
Patched
Patched
Published
Oct 1, 2024
Oct 1, 2024
Affected Software
WordPress Infinite Scroll – Ajax Load More
WordPress Infinite Scroll – Ajax Load More
Researcher
WP Blocks Hub <= 1.0.2 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload
6.4
CVE-ID
CVE-2024-9372
CVE-2024-9372
Patch Status
Unpatched
Unpatched
Published
Oct 3, 2024
Oct 3, 2024
Affected Software
WP Blocks Hub
WP Blocks Hub
Researcher
CVE-ID
CVE-2024-9455
CVE-2024-9455
Patch Status
Unpatched
Unpatched
Published
Oct 4, 2024
Oct 4, 2024
Affected Software
WP Cleanup and Basic Functions
WP Cleanup and Basic Functions
Researcher
CVE-ID
CVE-2024-47627
CVE-2024-47627
Patch Status
Patched
Patched
Published
Sep 30, 2024
Sep 30, 2024
Affected Software
WP Travel Gutenberg Blocks
WP Travel Gutenberg Blocks
Researcher
CVE-ID
CVE-2024-47650
CVE-2024-47650
Patch Status
Patched
Patched
Published
Sep 30, 2024
Sep 30, 2024
Affected Software
WP-WebAuthn
WP-WebAuthn
Researcher
CVE-ID
CVE-2024-47375
CVE-2024-47375
Patch Status
Patched
Patched
Published
Sep 30, 2024
Sep 30, 2024
Affected Software
XLTab – Accordions and Tabs for Elementor Page Builder
XLTab – Accordions and Tabs for Elementor Page Builder
Researcher
CVE-ID
CVE-2024-8324
CVE-2024-8324
Patch Status
Unpatched
Unpatched
Published
Sep 30, 2024
Sep 30, 2024
Affected Software
XO Slider
XO Slider
Researcher
CVE-ID
CVE-2024-47633
CVE-2024-47633
Patch Status
Patched
Patched
Published
Sep 30, 2024
Sep 30, 2024
Affected Software
Form plugin for WordPress – Zoho Forms
Form plugin for WordPress – Zoho Forms
Researcher
CVE-ID
CVE-2024-47621
CVE-2024-47621
Patch Status
Patched
Patched
Published
Sep 30, 2024
Sep 30, 2024
Affected Software
Zotpress
Zotpress
Researcher
Auto Amazon Links – Amazon Associates Affiliate Plugin <= 5.4.2 - Reflected Cross-Site Scripting
6.1
CVE-ID
CVE-2024-9349
CVE-2024-9349
Patch Status
Patched
Patched
Published
Oct 3, 2024
Oct 3, 2024
Affected Software
Auto Amazon Links – Amazon Associates Affiliate Plugin
Auto Amazon Links – Amazon Associates Affiliate Plugin
Researcher
CVE-ID
CVE-2024-8786
CVE-2024-8786
Patch Status
Unpatched
Unpatched
Published
Sep 30, 2024
Sep 30, 2024
Affected Software
Auto Featured Image from Title
Auto Featured Image from Title
Researcher
CVE-ID
CVE-2024-47360
CVE-2024-47360
Patch Status
Patched
Patched
Published
Sep 30, 2024
Sep 30, 2024
Affected Software
BA Book Everything
BA Book Everything
Researcher
CVE-ID
CVE-2024-9344
CVE-2024-9344
Patch Status
Patched
Patched
Published
Oct 1, 2024
Oct 1, 2024
Affected Software
BerqWP – Automated All-In-One PageSpeed Optimization for Core Web Vitals, Cache, CDN, Images, CSS, and JavaScript
BerqWP – Automated All-In-One PageSpeed Optimization for Core Web Vitals, Cache, CDN, Images, CSS, and JavaScript
Researcher
CVE-ID
CVE-2024-47624
CVE-2024-47624
Patch Status
Patched
Patched
Published
Sep 30, 2024
Sep 30, 2024
Affected Software
BSK Forms Blacklist
BSK Forms Blacklist
Researcher
CVE-ID
CVE-2024-47644
CVE-2024-47644
Patch Status
Unpatched
Unpatched
Published
Sep 30, 2024
Sep 30, 2024
Affected Software
Copyscape Premium
Copyscape Premium
Researcher
CVE-ID
CVE-2024-8799
CVE-2024-8799
Patch Status
Unpatched
Unpatched
Published
Sep 30, 2024
Sep 30, 2024
Affected Software
Custom Banners
Custom Banners
Researcher
CVE-ID
CVE-2024-8728
CVE-2024-8728
Patch Status
Unpatched
Unpatched
Published
Sep 30, 2024
Sep 30, 2024
Affected Software
Easy Load More
Easy Load More
Researcher
CVE-ID
CVE-2024-9267
CVE-2024-9267
Patch Status
Unpatched
Unpatched
Published
Sep 30, 2024
Sep 30, 2024
Affected Software
Easy WordPress Subscribe – Optin Hound
Easy WordPress Subscribe – Optin Hound
Researcher
CVE-ID
CVE-2024-47353
CVE-2024-47353
Patch Status
Patched
Patched
Published
Sep 30, 2024
Sep 30, 2024
Affected Software
ElementsReady Addons for Elementor
ElementsReady Addons for Elementor
Researcher
CVE-ID
CVE-2024-47648
CVE-2024-47648
Patch Status
Patched
Patched
Published
Sep 30, 2024
Sep 30, 2024
Affected Software
EventPrime – Events Calendar, Bookings and Tickets
EventPrime – Events Calendar, Bookings and Tickets
Researcher
CVE-ID
CVE-2024-9237
CVE-2024-9237
Patch Status
Patched
Patched
Published
Oct 3, 2024
Oct 3, 2024
Researcher
CVE-ID
CVE-2024-8718
CVE-2024-8718
Patch Status
Unpatched
Unpatched
Published
Sep 30, 2024
Sep 30, 2024
Affected Software
Gravity Forms Toolbar
Gravity Forms Toolbar
Researcher
CVE-ID
CVE-2024-9417
CVE-2024-9417
Patch Status
Patched
Patched
Published
Oct 4, 2024
Oct 4, 2024
Affected Software
Hash Form – Drag & Drop Form Builder
Hash Form – Drag & Drop Form Builder
Researcher
CVE-ID
CVE-2024-47394
CVE-2024-47394
Patch Status
Patched
Patched
Published
Sep 30, 2024
Sep 30, 2024
Affected Software
JobSearch WP Job Board
JobSearch WP Job Board
Researcher
CVE-ID
CVE-2024-9220
CVE-2024-9220
Patch Status
Patched
Patched
Published
Sep 30, 2024
Sep 30, 2024
Affected Software
LH Copy Media File
LH Copy Media File
Researcher
CVE-ID
CVE-2024-9228
CVE-2024-9228
Patch Status
Patched
Patched
Published
Sep 30, 2024
Sep 30, 2024
Affected Software
Loggedin – Limit Active Logins
Loggedin – Limit Active Logins
Researcher
CVE-ID
CVE-2024-9218
CVE-2024-9218
Patch Status
Patched
Patched
Published
Oct 1, 2024
Oct 1, 2024
Affected Software
Magazine Blocks – Blog Designer, Magazine & Newspaper Website Builder, Page Builder with Posts Blocks, Post Grid
Magazine Blocks – Blog Designer, Magazine & Newspaper Website Builder, Page Builder with Posts Blocks, Post Grid
Researcher
CVE-ID
CVE-2024-9210
CVE-2024-9210
Patch Status
Patched
Patched
Published
Oct 1, 2024
Oct 1, 2024
Affected Software
MC4WP: Mailchimp Top Bar
MC4WP: Mailchimp Top Bar
Researcher
CVE-ID
CVE-2024-47389
CVE-2024-47389
Patch Status
Patched
Patched
Published
Sep 30, 2024
Sep 30, 2024
Affected Software
NEX-Forms – Ultimate Form Builder – Contact forms and much more
NEX-Forms – Ultimate Form Builder – Contact forms and much more
Researcher
CVE-ID
CVE-2024-47638
CVE-2024-47638
Patch Status
Unpatched
Unpatched
Published
Sep 30, 2024
Sep 30, 2024
Affected Software
Online Booking & Scheduling Calendar for WordPress by vcita
Online Booking & Scheduling Calendar for WordPress by vcita
Researcher
CVE-ID
CVE-2024-9222
CVE-2024-9222
Patch Status
Patched
Patched
Published
Oct 1, 2024
Oct 1, 2024
Affected Software
Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction
Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction
Researcher
CVE-ID
CVE-2024-47646
CVE-2024-47646
Patch Status
Unpatched
Unpatched
Published
Sep 30, 2024
Sep 30, 2024
Affected Software
Payflex Payment Gateway
Payflex Payment Gateway
Researcher
CVE-ID
CVE-2024-9241
CVE-2024-9241
Patch Status
Unpatched
Unpatched
Published
Sep 30, 2024
Sep 30, 2024
Affected Software
PDF Image Generator
PDF Image Generator
Researcher
CVE-ID
CVE-2024-9353
CVE-2024-9353
Patch Status
Patched
Patched
Published
Oct 3, 2024
Oct 3, 2024
Affected Software
Popularis Extra
Popularis Extra
Researcher
CVE-ID
CVE-2024-9345
CVE-2024-9345
Patch Status
Patched
Patched
Published
Oct 3, 2024
Oct 3, 2024
Affected Software
Product Delivery Date for WooCommerce – Lite
Product Delivery Date for WooCommerce – Lite
Researcher
Quantity Dynamic Pricing & Bulk Discounts for WooCommerce <= 3.8.0 - Reflected Cross-Site Scripting
6.1
CVE-ID
CVE-2024-9384
CVE-2024-9384
Patch Status
Patched
Patched
Published
Oct 3, 2024
Oct 3, 2024
Affected Software
Quantity Dynamic Pricing & Bulk Discounts for WooCommerce
Quantity Dynamic Pricing & Bulk Discounts for WooCommerce
Researcher
CVE-ID
CVE-2024-8800
CVE-2024-8800
Patch Status
Patched
Patched
Published
Oct 1, 2024
Oct 1, 2024
CVE-ID
CVE-2024-47395
CVE-2024-47395
Patch Status
Patched
Patched
Published
Sep 30, 2024
Sep 30, 2024
Affected Software
Robokassa payment gateway for Woocommerce
Robokassa payment gateway for Woocommerce
Researcher
CVE-ID
CVE-2024-9225
CVE-2024-9225
Patch Status
Patched
Patched
Published
Oct 1, 2024
Oct 1, 2024
Affected Software
SEOPress – On-site SEO
SEOPress – On-site SEO
Researcher
CVE-ID
CVE-2024-9435
CVE-2024-9435
Patch Status
Patched
Patched
Published
Oct 3, 2024
Oct 3, 2024
Affected Software
ShiftController Employee Shift Scheduling
ShiftController Employee Shift Scheduling
Researcher
CVE-ID
CVE-2024-47354
CVE-2024-47354
Patch Status
Patched
Patched
Published
Sep 30, 2024
Sep 30, 2024
Affected Software
Simple Membership After Login Redirection
Simple Membership After Login Redirection
Researcher
CVE-ID
CVE-2024-47388
CVE-2024-47388
Patch Status
Patched
Patched
Published
Sep 30, 2024
Sep 30, 2024
Affected Software
Affiliate Program Suite — SliceWP Affiliates
Affiliate Program Suite — SliceWP Affiliates
Researcher
CVE-ID
CVE-2024-9204
CVE-2024-9204
Patch Status
Patched
Patched
Published
Oct 3, 2024
Oct 3, 2024
Affected Software
Smart Custom 404 Error Page
Smart Custom 404 Error Page
Researcher
CVE-ID
CVE-2024-47369
CVE-2024-47369
Patch Status
Patched
Patched
Published
Sep 30, 2024
Sep 30, 2024
Affected Software
Social Auto Poster
Social Auto Poster
Researcher
CVE-ID
CVE-2024-8793
CVE-2024-8793
Patch Status
Unpatched
Unpatched
Published
Sep 30, 2024
Sep 30, 2024
Affected Software
Store Exporter for WooCommerce – Export Products, Export Orders, Export Subscriptions, and More
Store Exporter for WooCommerce – Export Products, Export Orders, Export Subscriptions, and More
Researcher
CVE-ID
CVE-2024-47386
CVE-2024-47386
Patch Status
Patched
Patched
Published
Sep 30, 2024
Sep 30, 2024
Affected Software
The Ultimate WordPress Toolkit – WP Extended
The Ultimate WordPress Toolkit – WP Extended
Researcher
CVE-ID
CVE-2024-9385
CVE-2024-9385
Patch Status
Patched
Patched
Published
Oct 4, 2024
Oct 4, 2024
Affected Software
Themify Builder
Themify Builder
Researcher
CVE-ID
CVE-2024-45454
CVE-2024-45454
Patch Status
Patched
Patched
Published
Sep 30, 2024
Sep 30, 2024
Affected Software
Unlimited Elements For Elementor (Free Widgets, Addons, Templates)
Unlimited Elements For Elementor (Free Widgets, Addons, Templates)
Researcher
CVE-ID
CVE-2024-47379
CVE-2024-47379
Patch Status
Patched
Patched
Published
Sep 30, 2024
Sep 30, 2024
Affected Software
Web Directory Free
Web Directory Free
Researcher
CVE-ID
CVE-2024-9375
CVE-2024-9375
Patch Status
Unpatched
Unpatched
Published
Oct 3, 2024
Oct 3, 2024
Affected Software
WordPress Captcha Plugin by Captcha Bank
WordPress Captcha Plugin by Captcha Bank
Researcher
CVE-ID
CVE-2024-47352
CVE-2024-47352
Patch Status
Patched
Patched
Published
Sep 30, 2024
Sep 30, 2024
Affected Software
WP Bulk Delete
WP Bulk Delete
Researcher
CVE-ID
CVE-2024-47384
CVE-2024-47384
Patch Status
Patched
Patched
Published
Sep 30, 2024
Sep 30, 2024
Affected Software
WP Compress – Instant Performance & Speed Optimization
WP Compress – Instant Performance & Speed Optimization
Researcher
CVE-ID
CVE-2024-9209
CVE-2024-9209
Patch Status
Patched
Patched
Published
Sep 30, 2024
Sep 30, 2024
Affected Software
Search Analytics for WP
Search Analytics for WP
Researcher
CVE-ID
CVE-2024-47380
CVE-2024-47380
Patch Status
Patched
Patched
Published
Sep 30, 2024
Sep 30, 2024
Affected Software
WP-Lister Lite for eBay
WP-Lister Lite for eBay
Researcher
CVE-ID
CVE-2024-47378
CVE-2024-47378
Patch Status
Patched
Patched
Published
Sep 30, 2024
Sep 30, 2024
Affected Software
WPCOM Member
WPCOM Member
Researcher
CVE-ID
CVE-2024-47349
CVE-2024-47349
Patch Status
Patched
Patched
Published
Sep 30, 2024
Sep 30, 2024
Affected Software
WPMobile.App — Android and iOS Mobile Application
WPMobile.App — Android and iOS Mobile Application
Researcher
CVE-ID
CVE-2024-47348
CVE-2024-47348
Patch Status
Patched
Patched
Published
Sep 30, 2024
Sep 30, 2024
Affected Software
Visual CSS Style Editor
Visual CSS Style Editor
Researcher
CVE-ID
CVE-2024-47367
CVE-2024-47367
Patch Status
Patched
Patched
Published
Sep 30, 2024
Sep 30, 2024
Affected Software
YITH WooCommerce Product Add-Ons
YITH WooCommerce Product Add-Ons
Researcher
CVE-ID
CVE-2024-9378
CVE-2024-9378
Patch Status
Patched
Patched
Published
Oct 1, 2024
Oct 1, 2024
Affected Software
YML for Yandex Market
YML for Yandex Market
Researcher
CVE-ID
CVE-2024-8254
CVE-2024-8254
Patch Status
Patched
Patched
Published
Oct 1, 2024
Oct 1, 2024
CVE-ID
CVE-2024-47359
CVE-2024-47359
Patch Status
Patched
Patched
Published
Sep 30, 2024
Sep 30, 2024
CVE-ID
CVE-2024-47358
CVE-2024-47358
Patch Status
Patched
Patched
Published
Sep 30, 2024
Sep 30, 2024
Affected Software
Popup Maker – Boost Sales, Conversions, Optins, Subscribers with the Ultimate WP Popups Builder
Popup Maker – Boost Sales, Conversions, Optins, Subscribers with the Ultimate WP Popups Builder
Researcher
CVE-ID
CVE-2024-8430
CVE-2024-8430
Patch Status
Unpatched
Unpatched
Published
Sep 30, 2024
Sep 30, 2024
Affected Software
Spice Starter Sites
Spice Starter Sites
Researcher
CVE-ID
CVE-2024-8520
CVE-2024-8520
Patch Status
Patched
Patched
Published
Oct 3, 2024
Oct 3, 2024
CVE-ID
CVE-2024-9528
CVE-2024-9528
Patch Status
Patched
Patched
Published
Oct 4, 2024
Oct 4, 2024
Affected Software
Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder
Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder
Researcher
CVE-ID
CVE-2024-8499
CVE-2024-8499
Patch Status
Patched
Patched
Published
Oct 3, 2024
Oct 3, 2024
Affected Software
Checkout Field Editor (Checkout Manager) for WooCommerce
Checkout Field Editor (Checkout Manager) for WooCommerce
Researcher
CVE-ID
CVE-2024-47647
CVE-2024-47647
Patch Status
Patched
Patched
Published
Sep 30, 2024
Sep 30, 2024
Affected Software
FAQ / Accordion / Docs – Helpie WordPress FAQ Accordion plugin
FAQ / Accordion / Docs – Helpie WordPress FAQ Accordion plugin
Researcher
CVE-ID
CVE-2024-47377
CVE-2024-47377
Patch Status
Patched
Patched
Published
Sep 30, 2024
Sep 30, 2024
CVE-ID
CVE-2024-47381
CVE-2024-47381
Patch Status
Patched
Patched
Published
Sep 30, 2024
Sep 30, 2024
CVE-ID
CVE-2024-47387
CVE-2024-47387
Patch Status
Patched
Patched
Published
Sep 30, 2024
Sep 30, 2024
Affected Software
Search Atlas SEO – Best SEO Plugin for One-Click WP Publishing & Integrated AI Optimization
Search Atlas SEO – Best SEO Plugin for One-Click WP Publishing & Integrated AI Optimization
Researcher
CVE-ID
CVE-2024-47376
CVE-2024-47376
Patch Status
Patched
Patched
Published
Sep 30, 2024
Sep 30, 2024
Affected Software
Slideshow Gallery LITE
Slideshow Gallery LITE
Researcher
CVE-ID
CVE-2024-47372
CVE-2024-47372
Patch Status
Patched
Patched
Published
Sep 30, 2024
Sep 30, 2024
Affected Software
TNC PDF viewer
TNC PDF viewer
Researcher
CVE-ID
CVE-2024-9306
CVE-2024-9306
Patch Status
Patched
Patched
Published
Oct 3, 2024
Oct 3, 2024
Affected Software
WP Booking Calendar
WP Booking Calendar
Researcher
CVE-ID
CVE-2024-47371
CVE-2024-47371
Patch Status
Patched
Patched
Published
Sep 30, 2024
Sep 30, 2024
Affected Software
WP MyLinks
WP MyLinks
Researcher
CartBounty – Save and recover abandoned carts for WooCommerce <= 8.2 - Cross-Site Request Forgery
4.3
CVE-ID
CVE-2024-47634
CVE-2024-47634
Patch Status
Patched
Patched
Published
Sep 30, 2024
Sep 30, 2024
Affected Software
CartBounty – Save and recover abandoned carts for WooCommerce
CartBounty – Save and recover abandoned carts for WooCommerce
Researcher
CVE-ID
CVE-2024-47361
CVE-2024-47361
Patch Status
Patched
Patched
Published
Sep 30, 2024
Sep 30, 2024
Affected Software
Elementor Addon Elements
Elementor Addon Elements
Researcher
CVE-ID
CVE-2024-47637
CVE-2024-47637
Patch Status
Patched
Patched
Published
Sep 30, 2024
Sep 30, 2024
Affected Software
LiteSpeed Cache
LiteSpeed Cache
Researcher
CVE-ID
CVE-2024-8675
CVE-2024-8675
Patch Status
Patched
Patched
Published
Sep 30, 2024
Sep 30, 2024
Affected Software
Soumettre.fr
Soumettre.fr
Researcher
CVE-ID
CVE-2024-47362
CVE-2024-47362
Patch Status
Patched
Patched
Published
Sep 30, 2024
Sep 30, 2024
Affected Software
Strong Testimonials
Strong Testimonials
Researcher
As a reminder, Wordfence has curated an industry leading vulnerability database with all known WordPress core, theme, and plugin vulnerabilities known as Wordfence Intelligence.
This database is continuously updated, maintained, and populated by Wordfence’s highly credentialed and experienced vulnerability researchers through in-house vulnerability research, vulnerability researchers submitting directly to us through our Bug Bounty Program, and by monitoring varying sources to capture all publicly available WordPress vulnerability information and adding additional context where we can.
Click here to sign-up for our mailing list to receive weekly vulnerability reports like this and important WordPress Security reports in your inbox the moment they are published.
Comments