Wordfence Intelligence Weekly WordPress Vulnerability Report (September 23, 2024 to September 29, 2024)
📢 Did you know Wordfence runs a Bug Bounty Program for all WordPress plugins and themes at no cost to vendors? Through October 7th, 2024, XSS vulnerabilities in all plugins and themes with >=1,000 Active Installs are in scope for all researchers. In addition, through October 14th, 2024, researchers can earn up to $31,200, for all in-scope vulnerabilities submitted to our Bug Bounty Program! Find a vulnerability, submit the details directly to us, and we handle all the rest.
Last week, there were 181 vulnerabilities disclosed in 159 WordPress Plugins and 2 WordPress Themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 69 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilities in this report now to ensure your site is not affected.
Our mission with Wordfence Intelligence is to make valuable vulnerability information easily accessible to everyone, like the WordPress community, so individuals and organizations alike can utilize that data to make the internet more secure. That is why the Wordfence Intelligence user interface, vulnerability API, webhook integration, and Wordfence CLI Vulnerability Scanner are all completely free to access and utilize both personally and commercially, and why we are running this weekly vulnerability report.
Enterprises, Hosting Providers, and even Individuals can use the Wordfence CLI Vulnerability Scanner to run regular vulnerability scans across the sites they protect. Or alternatively, utilize the vulnerability Database API to receive a complete dump of our database of over 18,000 vulnerabilities and then utilize the webhook integration to stay on top of the newest vulnerabilities added in real-time, as well as any updates made to the database, all for free.
Click here to sign-up for our mailing list to receive weekly vulnerability reports like this and important WordPress Security reports in your inbox the moment they are published.
New Firewall Rules Deployed Last Week
The Wordfence Threat Intelligence Team reviews each vulnerability to determine impact and severity, along with assessing the likelihood of exploitation, to verify that the Wordfence Firewall provides sufficient protection.
The team rolled out enhanced protection via firewall rules for the following vulnerabilities in real-time to our Premium, Care, and Response customers last week:
- Wechat Social login <= 1.3.0 – Authentication Bypass
- Wechat Social login <= 1.3.0 – Unauthenticated Arbitrary File Upload
- Echo RSS Feed Post Generator <= 5.4.6 – Unauthenticated Privilege Escalation
- WordPress & WooCommerce Affiliate Program <= 8.4.1 – Authentication Bypass to Account Takeover and Privilege Escalation
- WAF-RULE-748 – Data redacted while we work with the vendor on a patch.
- WAF-RULE-749 – Data redacted while we work with the vendor on a patch.
- WAF-RULE-750 – Data redacted while we work with the vendor on a patch.
- WAF-RULE-752 – Data redacted while we work with the vendor on a patch.
Wordfence Premium, Care, and Response customers received this protection immediately, while users still running the free version of Wordfence will receive this enhanced protection after a 30 day delay.
Total Unpatched & Patched Vulnerabilities Last Week
| Patch Status | Number of Vulnerabilities |
|---|---|
| Patched | 129 |
| Unpatched | 52 |
Total Vulnerabilities by CVSS Severity Last Week
| Severity Rating | Number of Vulnerabilities |
|---|---|
| Low Severity | 2 |
| Medium Severity | 134 |
| High Severity | 23 |
| Critical Severity | 22 |
Total Vulnerabilities by CWE Type Last Week
| Vulnerability Type by CWE | Number of Vulnerabilities |
|---|---|
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | 93 |
| Missing Authorization | 25 |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') | 15 |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') | 14 |
| Cross-Site Request Forgery (CSRF) | 7 |
| Exposure of Sensitive Information to an Unauthorized Actor | 6 |
| Authorization Bypass Through User-Controlled Key | 4 |
| Deserialization of Untrusted Data | 4 |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') | 4 |
| Unrestricted Upload of File with Dangerous Type | 3 |
| Improper Control of Generation of Code ('Code Injection') | 2 |
| Authentication Bypass Using an Alternate Path or Channel | 1 |
| Exposure of Sensitive Information Through Metadata | 1 |
| Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) | 1 |
| Unverified Password Change | 1 |
Researchers That Contributed to WordPress Security Last Week
| Researcher Name | Number of Vulnerabilities |
|---|---|
| 19 | |
| 12 | |
| 11 | |
| 10 | |
| 8 | |
| 5 | |
| 5 | |
| 5 | |
| 5 | |
| 5 | |
| 5 | |
| 5 | |
| 4 | |
| 4 | |
| 3 | |
| 3 | |
| 3 | |
| 3 | |
| 3 | |
| 3 | |
| 3 | |
| 2 | |
| 2 | |
| 2 | |
| 2 | |
| 2 | |
| 2 | |
| 2 | |
| 2 | |
| 2 | |
| 2 | |
| 2 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 |
Are you a security researcher who would like to be featured in our weekly vulnerability report? You can responsibly disclose your WordPress vulnerability discoveries to us and earn a bounty on in-scope vulnerabilities through our Bug Bounty Program. Responsibly disclosing your vulnerability discoveries to us will also get your name added on the Wordfence Intelligence leaderboard along with being mentioned in our weekly vulnerability report.
WordPress Plugins with Reported Vulnerabilities Last Week
| Software Name | Software Slug |
|---|---|
| 012 Ps Multi Languages | 012-ps-multi-languages |
| ABC APP CREATOR | abcapp-creator |
| Absolute Reviews | absolute-reviews |
| Accordion | accordions |
| Ads by WPQuads – Adsense Ads, Banner Ads, Popup Ads | quick-adsense-reloaded |
| Advanced File Manager | file-manager-advanced |
| AnWP Football Leagues | football-leagues-by-anwppro |
| Appointment & Event Booking Calendar Plugin – Webba Booking | webba-booking-lite |
| ARI Fancy Lightbox – Popup for WordPress | ari-fancy-lightbox |
| BA Book Everything | ba-book-everything |
| Beam me up Scotty – Back to Top Button | beam-me-up-scotty |
| Beaver Builder – WordPress Page Builder | beaver-builder-lite-version |
| Bold Page Builder | bold-page-builder |
| Bulk NoIndex & NoFollow Toolkit | bulk-noindex-nofollow-toolkit-by-mad-fish |
| Charitable – Donation Plugin for WordPress – Fundraising with Recurring Donations & More | charitable |
| Charity Addon for Elementor | charity-addon-for-elementor |
| Chartify – WordPress Chart Plugin | chart-builder |
| Checkout Mestres do WP for WooCommerce | checkout-mestres-wp |
| Cities Shipping Zones for WooCommerce | cities-shipping-zones-for-woocommerce |
| Classic Editor and Classic Widgets | classic-editor-and-classic-widgets |
| ClickSold IDX | clicksold-wordpress-plugin |
| Common Tools for Site | common-tools-for-site |
| Community by PeepSo – Social Network, Membership, Registration, User Profiles, Premium – Mobile App | peepso-core |
| Confetti Fall Animation | confetti-fall-animation |
| Contact Form 7 Campaign Monitor Extension | contact-form-7-campaign-monitor-extension |
| Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder | bit-form |
| Contact Form to Any API | contact-form-to-any-api |
| Crowdsignal Dashboard – Polls, Surveys & more | polldaddy |
| CSS JS Files | css-js-files |
| CubeWP Forms – All-in-One Form Builder | cubewp-forms |
| Daily Prayer Time | daily-prayer-time-for-mosques |
| Directory Listings WordPress plugin – uListing | ulisting |
| Download Monitor | download-monitor |
| Easy Digital Downloads – eCommerce Payments and Subscriptions made easy | easy-digital-downloads |
| Easy Mega Menu Plugin for WordPress – ThemeHunk | themehunk-megamenu-plus |
| Easy PayPal Events | easy-paypal-events-tickets |
| Elementor Addons by Livemesh | addons-for-elementor |
| ElementsKit Elementor addons | elementskit-lite |
| ElementsReady Addons for Elementor | element-ready-lite |
| Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce | email-subscribers |
| EU/UK VAT Manager for WooCommerce | eu-vat-for-woocommerce |
| Event Manager, Events Calendar, Tickets, Registrations – Eventin | wp-event-solution |
| Fluent Support – Helpdesk & Customer Support Ticket System | fluent-support |
| Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder | form-maker |
| Garden Gnome Package | garden-gnome-package |
| GEO my WP | geo-my-wp |
| GF Custom Style | gf-custom-style |
| GiveWP – Donation Plugin and Fundraising Platform | give |
| Graphicsly – The ultimate graphics plugin for WordPress website builder ( Gutenberg, Elementor, Beaver Builder, WPBakery ) | graphicsly |
| GTM Server Side | gtm-server-side |
| Gum Elementor Addon | gum-elementor-addon |
| GutenGeek Free Gutenberg Blocks for WordPress | gtg-advanced-blocks |
| Happy Addons for Elementor | happy-elementor-addons |
| HT Mega – Absolute Addons For Elementor | ht-mega-for-elementor |
| HUSKY – Products Filter Professional for WooCommerce | woocommerce-products-filter |
| IdeaPush | ideapush |
| Instant Chat Floating Button for WordPress Websites | instant-chat-wp |
| JoomSport – for Sports: Team & League, Football, Hockey & more | joomsport-sports-league-results-management |
| Joy Of Text Lite – SMS messaging for WordPress. | joy-of-text |
| Jupiter X Core | jupiterx-core |
| king_IE | king-ie |
| Kodex Posts likes | kodex-posts-likes |
| Koko Analytics | koko-analytics |
| LiteSpeed Cache | litespeed-cache |
| Loops & Logic | tangible-loops-and-logic |
| Mail logging – WP Mail Catcher | wp-mail-catcher |
| Mapplic Lite | mapplic-lite |
| MAS Static Content | mas-static-content |
| Material Design Icons | material-design-icons |
| MDTF – Meta Data and Taxonomies Filter | wp-meta-data-filter-and-taxonomy-filter |
| Medical Addon for Elementor | medical-addon-for-elementor |
| Mega Elements – Addons for Elementor | mega-elements-addons-for-elementor |
| Meta Slider and Carousel with Lightbox | meta-slider-and-carousel-with-lightbox |
| MH Board | mh-board |
| Move Addons for Elementor | move-addons |
| Multi Step for Contact Form 7 | cf7-multi-step |
| Multiple Page Generator Plugin – MPG | multiple-pages-generator-by-porthas |
| Multipurpose Ticket Booking Manager (Bus/Train/Ferry/Boat/Shuttle) | WordPress Plugin | bus-booking-manager |
| myCred – Loyalty Points and Rewards plugin for WordPress and WooCommerce – Give Points, Ranks, Badges, Cashback, WooCommerce rewards, and WooCommerce credits for Gamification | mycred |
| Newsletters | newsletters-lite |
| NiceJob | nicejob |
| Ninja Forms – The Contact Form Builder That Grows With You | ninja-forms |
| OneElements – Best Elementor Addons | oneelements-ultimate-addons-for-elementor |
| OSM – OpenStreetMap | osm |
| Photo Gallery by 10Web – Mobile-Friendly Image Gallery | photo-gallery |
| Pixel Cat – Conversion Pixel Manager | facebook-conversion-pixel |
| Podiant | podiant |
| Polls CP | cp-polls |
| Popup, Optin Form & Email Newsletters for Mailchimp, HubSpot, AWeber – MailOptin | mailoptin |
| Post Grid and Gutenberg Blocks | post-grid |
| Premium Addons for Elementor | premium-addons-for-elementor |
| Premium Packages – Sell Digital Products Securely | wpdm-premium-packages |
| Primary Addon for Elementor | primary-addon-for-elementor |
| Prisna GWT – Google Website Translator | google-website-translator |
| Product Enquiry for WooCommerce, WooCommerce product catalog | enquiry-quotation-for-woocommerce |
| ProfileGrid – User Profiles, Groups and Communities | profilegrid-user-profiles-groups-and-communities |
| PWA for WP & AMP | pwa-for-wp |
| Radio Player – Live Shoutcast, Icecast and Any Audio Stream Player for WordPress | radio-player |
| Recover WooCommerce Cart Abandonment, Newsletter, Email Marketing, Marketing Automation By FunnelKit | wp-marketing-automations |
| REST API TO MiniProgram | rest-api-to-miniprogram |
| Restaurant & Cafe Addon for Elementor | restaurant-cafe-addon-for-elementor |
| Review & testimonial widgets | trustmary |
| Revolut Gateway for WooCommerce | revolut-gateway-for-woocommerce |
| Salon Booking System | salon-booking-system |
| Secure Copy Content Protection and Content Locking | secure-copy-content-protection |
| Seriously Simple Stats | seriously-simple-stats |
| Share This Image | share-this-image |
| ShiftController Employee Shift Scheduling | shiftcontroller |
| ShopLentor – WooCommerce Builder for Elementor & Gutenberg +12 Modules – All in One Solution (formerly WooLentor) | woolentor-addons |
| Sight – Professional Image Gallery and Portfolio | sight |
| Simple Calendar – Google Calendar Plugin | google-calendar-events |
| Simple LDAP Login | simple-ldap-login |
| Simple Popup Plugin | simple-popup-plugin |
| Sky Addons for Elementor (Free Templates Library, Live Copy, Animations, Post Grid, Post Carousel, Particles, Sliders, Chart, Blogs) | sky-elementor-addons |
| Special Text Boxes | wp-special-textboxes |
| Spreadsheet Integration – Automate Google Sheets With WordPress, WooCommerce & Most Popular Form Plugins. Also, Display Google sheet as a Table. | wpgsi |
| Starter Templates — Elementor, WordPress & Beaver Builder Templates | astra-sites |
| Store Hours for WooCommerce | order-hours-scheduler-for-woocommerce |
| Sunshine Photo Cart: Free Client Photo Galleries for Photographers | sunshine-photo-cart |
| Super Testimonials | sola-testimonials |
| Templately – Elementor & Gutenberg Template Library: 5000+ Free & Pro Ready Templates & Cloud! | templately |
| Terms descriptions | terms-descriptions |
| Thanh Toán Quét Mã QR Code Tự Động – MoMo, ViettelPay, VNPay và 40 ngân hàng Việt Nam | bck-tu-dong-xac-nhan-thanh-toan-chuyen-khoan-ngan-hang |
| The Events Calendar | the-events-calendar |
| Themedy Toolbox | themedy-toolbox |
| Themesflat Addons For Elementor | themesflat-addons-for-elementor |
| Themify – WooCommerce Product Filter | themify-wc-product-filter |
| Truepush – Most Affordable Web Push Notifications | truepush-free-web-push-notifications |
| Uncanny Groups for LearnDash | uncanny-learndash-groups |
| Use Any Font | Custom Font Uploader | use-any-font |
| UsersControl – Users Profile, Free or Paid Subscriptions, User Access Restriction & Members Directory | users-control |
| Vmax Project Manager | vmax-project-manager |
| VR Calendar | vr-calendar-sync |
| W3 Total Cache | w3-total-cache |
| WCFM – Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible | wc-frontend-manager |
| Website Builder by SeedProd — Theme Builder, Landing Page Builder, Coming Soon Page, Maintenance Mode | coming-soon |
| Wheel of Life: Coaching and Assessment Tool for Life Coach | wheel-of-life |
| WooEvents - Calendar and Event Booking | woo-events |
| WordPress Simple HTML Sitemap | wp-simple-html-sitemap |
| WordPress Visitors | nm-visitors |
| WP Abstracts | wp-abstracts-manuscripts-manager |
| WP Category Dropdown | wp-category-dropdown |
| WP Datepicker | wp-datepicker |
| WP Easy Gallery – WordPress Gallery Plugin | wp-easy-gallery |
| WP Free SSL – Free SSL Certificate for WordPress and force HTTPS | wp-free-ssl |
| WP GPX Maps | wp-gpx-maps |
| WP MultiTasking – WP Utilities | wp-multitasking |
| WP Newsletter Subscription | wp-newsletter-subscription |
| WP Ticket Ultra Help Desk & Support Plugin | wp-ticket-ultra |
| WP Timeline – Vertical and Horizontal timeline plugin | wp-timelines |
| WP Travel – Ultimate Travel Booking System, Tour Management Engine | wp-travel |
| WP-DownloadManager | wp-downloadmanager |
| WP-WebAuthn | wp-webauthn |
| WPExperts Square For GiveWP | wpexperts-square-for-give |
| WPSPX | wpspx |
| WPZOOM Shortcodes | wpzoom-shortcodes |
| WS Form LITE – Drag & Drop Contact Form Builder for WordPress | ws-form |
| XT Ajax Add To Cart for WooCommerce | xt-woo-ajax-add-to-cart |
| Zoho Flow for WordPress | zoho-flow |
WordPress Themes with Reported Vulnerabilities Last Week
| Software Name | Software Slug |
|---|---|
| Catch Base | catch-base |
| Viala | viala |
Vulnerability Details
Please note that if you run the Wordfence plugin on your WordPress site, with the scanner enabled, you should’ve already been notified if your site was affected by any of these vulnerabilities. If you’d like to receive real-time notifications whenever a vulnerability is added to the Wordfence Intelligence Vulnerability Database, check out our Slack and HTTP Webhook Integration, which is completely free to utilize.
GiveWP – Donation Plugin and Fundraising Platform <= 3.16.1 - Unauthenticated PHP Object Injection
10.0
CVE-ID
CVE-2024-8353
CVE-2024-8353
Patch Status
Patched
Patched
Published
Sep 27, 2024
Sep 27, 2024
Affected Software
GiveWP – Donation Plugin and Fundraising Platform
GiveWP – Donation Plugin and Fundraising Platform
Researcher
CVE-ID
CVE-2024-8621
CVE-2024-8621
Patch Status
Patched
Patched
Published
Sep 24, 2024
Sep 24, 2024
Affected Software
Daily Prayer Time
Daily Prayer Time
Researcher
CVE-ID
CVE-2024-8624
CVE-2024-8624
Patch Status
Patched
Patched
Published
Sep 23, 2024
Sep 23, 2024
Affected Software
MDTF – Meta Data and Taxonomies Filter
MDTF – Meta Data and Taxonomies Filter
Researcher
CVE-ID
CVE-2024-8436
CVE-2024-8436
Patch Status
Unpatched
Unpatched
Published
Sep 23, 2024
Sep 23, 2024
Affected Software
WP Easy Gallery – WordPress Gallery Plugin
WP Easy Gallery – WordPress Gallery Plugin
Researcher
CVE-ID
CVE-2024-44023
CVE-2024-44023
Patch Status
Unpatched
Unpatched
Published
Sep 24, 2024
Sep 24, 2024
Affected Software
ABC APP CREATOR
ABC APP CREATOR
Researcher
CVE-ID
CVE-2024-44019
CVE-2024-44019
Patch Status
Unpatched
Unpatched
Published
Sep 24, 2024
Sep 24, 2024
Affected Software
Contact Form 7 Campaign Monitor Extension
Contact Form 7 Campaign Monitor Extension
Researcher
CVE-ID
CVE-2024-8791
CVE-2024-8791
Patch Status
Patched
Patched
Published
Sep 23, 2024
Sep 23, 2024
Affected Software
Charitable – Donation Plugin for WordPress – Fundraising with Recurring Donations & More
Charitable – Donation Plugin for WordPress – Fundraising with Recurring Donations & More
Researcher
Instant Chat Floating Button for WordPress Websites <= 1.0.5 - Unauthenticated Local File Inclusion
9.8
CVE-ID
CVE-2024-44018
CVE-2024-44018
Patch Status
Unpatched
Unpatched
Published
Sep 24, 2024
Sep 24, 2024
Affected Software
Instant Chat Floating Button for WordPress Websites
Instant Chat Floating Button for WordPress Websites
Researcher
CVE-ID
CVE-2024-44017
CVE-2024-44017
Patch Status
Unpatched
Unpatched
Published
Sep 24, 2024
Sep 24, 2024
Affected Software
MH Board
MH Board
Researcher
CVE-ID
CVE-2024-44016
CVE-2024-44016
Patch Status
Unpatched
Unpatched
Published
Sep 24, 2024
Sep 24, 2024
Affected Software
Podiant
Podiant
Researcher
CVE-ID
CVE-2024-8485
CVE-2024-8485
Patch Status
Unpatched
Unpatched
Published
Sep 24, 2024
Sep 24, 2024
Affected Software
REST API TO MiniProgram
REST API TO MiniProgram
Researcher
CVE-ID
CVE-2024-8275
CVE-2024-8275
Patch Status
Patched
Patched
Published
Sep 24, 2024
Sep 24, 2024
Affected Software
The Events Calendar
The Events Calendar
Researcher
CVE-ID
CVE-2024-44015
CVE-2024-44015
Patch Status
Unpatched
Unpatched
Published
Sep 24, 2024
Sep 24, 2024
Affected Software
UsersControl – Users Profile, Free or Paid Subscriptions, User Access Restriction & Members Directory
UsersControl – Users Profile, Free or Paid Subscriptions, User Access Restriction & Members Directory
Researcher
CVE-ID
CVE-2024-44014
CVE-2024-44014
Patch Status
Unpatched
Unpatched
Published
Sep 24, 2024
Sep 24, 2024
Affected Software
Vmax Project Manager
Vmax Project Manager
Researcher
CVE-ID
CVE-2024-44013
CVE-2024-44013
Patch Status
Unpatched
Unpatched
Published
Sep 24, 2024
Sep 24, 2024
Affected Software
VR Calendar
VR Calendar
Researcher
CVE-ID
CVE-2024-44012
CVE-2024-44012
Patch Status
Unpatched
Unpatched
Published
Sep 24, 2024
Sep 24, 2024
Affected Software
WP Newsletter Subscription
WP Newsletter Subscription
Researcher
CVE-ID
CVE-2024-44011
CVE-2024-44011
Patch Status
Unpatched
Unpatched
Published
Sep 24, 2024
Sep 24, 2024
Affected Software
WP Ticket Ultra Help Desk & Support Plugin
WP Ticket Ultra Help Desk & Support Plugin
Researcher
CVE-ID
CVE-2024-47323
CVE-2024-47323
Patch Status
Patched
Patched
Published
Sep 25, 2024
Sep 25, 2024
Affected Software
WP Timeline – Vertical and Horizontal timeline plugin
WP Timeline – Vertical and Horizontal timeline plugin
Researcher
CVE-ID
CVE-2024-44034
CVE-2024-44034
Patch Status
Unpatched
Unpatched
Published
Sep 24, 2024
Sep 24, 2024
Affected Software
WPSPX
WPSPX
Researcher
CVE-ID
CVE-2024-8514
CVE-2024-8514
Patch Status
Patched
Patched
Published
Sep 24, 2024
Sep 24, 2024
Affected Software
Prisna GWT – Google Website Translator
Prisna GWT – Google Website Translator
Researcher
CVE-ID
CVE-2024-8671
CVE-2024-8671
Patch Status
Patched
Patched
Published
Sep 23, 2024
Sep 23, 2024
Affected Software
WooEvents - Calendar and Event Booking
WooEvents - Calendar and Event Booking
Researcher
CVE-ID
CVE-2024-7385
CVE-2024-7385
Patch Status
Patched
Patched
Published
Sep 24, 2024
Sep 24, 2024
Affected Software
WordPress Simple HTML Sitemap
WordPress Simple HTML Sitemap
Researcher
BA Book Everything <= 1.6.20 - Cross-Site Request Forgery to Email Address Update/Account Takeover
8.8
CVE-ID
CVE-2024-8795
CVE-2024-8795
Patch Status
Patched
Patched
Published
Sep 23, 2024
Sep 23, 2024
Affected Software
BA Book Everything
BA Book Everything
Researcher
CVE-ID
CVE-2024-7149
CVE-2024-7149
Patch Status
Patched
Patched
Published
Sep 26, 2024
Sep 26, 2024
Affected Software
Event Manager, Events Calendar, Tickets, Registrations – Eventin
Event Manager, Events Calendar, Tickets, Registrations – Eventin
Researcher
CVE-ID
CVE-2024-8922
CVE-2024-8922
Patch Status
Patched
Patched
Published
Sep 26, 2024
Sep 26, 2024
Affected Software
Product Enquiry for WooCommerce, WooCommerce product catalog
Product Enquiry for WooCommerce, WooCommerce product catalog
Researcher
CVE-ID
CVE-2024-8290
CVE-2024-8290
Patch Status
Patched
Patched
Published
Sep 24, 2024
Sep 24, 2024
Affected Software
WCFM – Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible
WCFM – Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible
Researcher
CVE-ID
CVE-2024-47324
CVE-2024-47324
Patch Status
Patched
Patched
Published
Sep 25, 2024
Sep 25, 2024
Affected Software
WP Timeline – Vertical and Horizontal timeline plugin
WP Timeline – Vertical and Horizontal timeline plugin
Researcher
CVE-ID
CVE-2024-7781
CVE-2024-7781
Patch Status
Patched
Patched
Published
Sep 25, 2024
Sep 25, 2024
Affected Software
Jupiter X Core
Jupiter X Core
Researcher
CVE-ID
CVE-2024-8126
CVE-2024-8126
Patch Status
Patched
Patched
Published
Sep 25, 2024
Sep 25, 2024
Affected Software
Advanced File Manager
Advanced File Manager
Researcher
CVE-ID
CVE-2024-47331
CVE-2024-47331
Patch Status
Patched
Patched
Published
Sep 26, 2024
Sep 26, 2024
Affected Software
Multi Step for Contact Form 7
Multi Step for Contact Form 7
Researcher
CVE-ID
CVE-2024-8484
CVE-2024-8484
Patch Status
Unpatched
Unpatched
Published
Sep 24, 2024
Sep 24, 2024
Affected Software
REST API TO MiniProgram
REST API TO MiniProgram
Researcher
MDTF – Meta Data and Taxonomies Filter <= 1.3.3.3 - Unauthenticated Arbitrary Shortcode Execution
7.3
CVE-ID
CVE-2024-8623
CVE-2024-8623
Patch Status
Patched
Patched
Published
Sep 23, 2024
Sep 23, 2024
Affected Software
MDTF – Meta Data and Taxonomies Filter
MDTF – Meta Data and Taxonomies Filter
Researcher
CVE-ID
CVE-2024-8481
CVE-2024-8481
Patch Status
Unpatched
Unpatched
Published
Sep 24, 2024
Sep 24, 2024
Affected Software
Special Text Boxes
Special Text Boxes
Researcher
CVE-ID
CVE-2024-8704
CVE-2024-8704
Patch Status
Patched
Patched
Published
Sep 25, 2024
Sep 25, 2024
Affected Software
Advanced File Manager
Advanced File Manager
Researcher
Bit Form – Contact Form Plugin <= 2.13.10 - Authenticated (Administrator+) Arbitrary File Upload
7.2
CVE-ID
CVE-2024-47319
CVE-2024-47319
Patch Status
Patched
Patched
Published
Sep 25, 2024
Sep 25, 2024
CVE-ID
CVE-2024-47301
CVE-2024-47301
Patch Status
Patched
Patched
Published
Sep 24, 2024
Sep 24, 2024
CVE-ID
CVE-2024-44030
CVE-2024-44030
Patch Status
Patched
Patched
Published
Sep 24, 2024
Sep 24, 2024
Affected Software
Checkout Mestres do WP for WooCommerce
Checkout Mestres do WP for WooCommerce
Researcher
Cities Shipping Zones for WooCommerce <= 1.2.7 - Authenticated (Shop Manager+) Local File Inclusion
7.2
CVE-ID
CVE-2024-47309
CVE-2024-47309
Patch Status
Patched
Patched
Published
Sep 25, 2024
Sep 25, 2024
Affected Software
Cities Shipping Zones for WooCommerce
Cities Shipping Zones for WooCommerce
Researcher
CVE-ID
CVE-2024-7617
CVE-2024-7617
Patch Status
Unpatched
Unpatched
Published
Sep 24, 2024
Sep 24, 2024
Affected Software
Contact Form to Any API
Contact Form to Any API
Researcher
CVE-ID
CVE-2024-47300
CVE-2024-47300
Patch Status
Patched
Patched
Published
Sep 24, 2024
Sep 24, 2024
Affected Software
CubeWP Forms – All-in-One Form Builder
CubeWP Forms – All-in-One Form Builder
Researcher
CVE-ID
CVE-2022-2439
CVE-2022-2439
Patch Status
Patched
Patched
Published
Sep 23, 2024
Sep 23, 2024
Affected Software
Easy Digital Downloads – eCommerce Payments and Subscriptions made easy
Easy Digital Downloads – eCommerce Payments and Subscriptions made easy
Researcher
CVE-ID
CVE-2024-9130
CVE-2024-9130
Patch Status
Patched
Patched
Published
Sep 26, 2024
Sep 26, 2024
Affected Software
GiveWP – Donation Plugin and Fundraising Platform
GiveWP – Donation Plugin and Fundraising Platform
Researcher
CVE-ID
CVE-2024-8914
CVE-2024-8914
Patch Status
Unpatched
Unpatched
Published
Sep 23, 2024
Sep 23, 2024
Affected Software
Thanh Toán Quét Mã QR Code Tự Động – MoMo, ViettelPay, VNPay và 40 ngân hàng Việt Nam
Thanh Toán Quét Mã QR Code Tự Động – MoMo, ViettelPay, VNPay và 40 ngân hàng Việt Nam
Researcher
CVE-ID
CVE-2024-8349
CVE-2024-8349
Patch Status
Patched
Patched
Published
Sep 24, 2024
Sep 24, 2024
Affected Software
Uncanny Groups for LearnDash
Uncanny Groups for LearnDash
Researcher
CVE-ID
CVE-2022-4541
CVE-2022-4541
Patch Status
Unpatched
Unpatched
Published
Sep 25, 2024
Sep 25, 2024
Affected Software
WordPress Visitors
WordPress Visitors
Researcher
CVE-ID
CVE-2024-8725
CVE-2024-8725
Patch Status
Patched
Patched
Published
Sep 25, 2024
Sep 25, 2024
Affected Software
Advanced File Manager
Advanced File Manager
Researcher
CVE-ID
CVE-2024-47312
CVE-2024-47312
Patch Status
Patched
Patched
Published
Sep 25, 2024
Sep 25, 2024
Affected Software
Classic Editor and Classic Widgets
Classic Editor and Classic Widgets
Researcher
CVE-ID
CVE-2024-47304
CVE-2024-47304
Patch Status
Patched
Patched
Published
Sep 25, 2024
Sep 25, 2024
Affected Software
Fluent Support – Helpdesk & Customer Support Ticket System
Fluent Support – Helpdesk & Customer Support Ticket System
Researcher
CVE-ID
CVE-2024-47325
CVE-2024-47325
Patch Status
Patched
Patched
Published
Sep 25, 2024
Sep 25, 2024
Affected Software
Multiple Page Generator Plugin – MPG
Multiple Page Generator Plugin – MPG
Researcher
CVE-ID
CVE-2024-8723
CVE-2024-8723
Patch Status
Unpatched
Unpatched
Published
Sep 25, 2024
Sep 25, 2024
Affected Software
012 Ps Multi Languages
012 Ps Multi Languages
Researcher
CVE-ID
CVE-2024-8965
CVE-2024-8965
Patch Status
Patched
Patched
Published
Sep 26, 2024
Sep 26, 2024
Affected Software
Absolute Reviews
Absolute Reviews
Researcher
CVE-ID
CVE-2024-47342
CVE-2024-47342
Patch Status
Patched
Patched
Published
Sep 27, 2024
Sep 27, 2024
Affected Software
Accordion
Accordion
Researcher
CVE-ID
CVE-2024-8917
CVE-2024-8917
Patch Status
Patched
Patched
Published
Sep 23, 2024
Sep 23, 2024
Affected Software
AnWP Football Leagues
AnWP Football Leagues
Researcher
CVE-ID
CVE-2024-47310
CVE-2024-47310
Patch Status
Patched
Patched
Published
Sep 25, 2024
Sep 25, 2024
Affected Software
ARI Fancy Lightbox – Popup for WordPress
ARI Fancy Lightbox – Popup for WordPress
Researcher
CVE-ID
CVE-2024-9049
CVE-2024-9049
Patch Status
Patched
Patched
Published
Sep 26, 2024
Sep 26, 2024
Affected Software
Beaver Builder – WordPress Page Builder
Beaver Builder – WordPress Page Builder
Researcher
CVE-ID
CVE-2024-47298
CVE-2024-47298
Patch Status
Patched
Patched
Published
Sep 24, 2024
Sep 24, 2024
Affected Software
Bold Page Builder
Bold Page Builder
Researcher
CVE-ID
CVE-2024-47313
CVE-2024-47313
Patch Status
Patched
Patched
Published
Sep 25, 2024
Sep 25, 2024
Affected Software
Catch Base
Catch Base
Researcher
CVE-ID
CVE-2024-44026
CVE-2024-44026
Patch Status
Unpatched
Unpatched
Published
Sep 24, 2024
Sep 24, 2024
Affected Software
Charity Addon for Elementor
Charity Addon for Elementor
Researcher
CVE-ID
CVE-2024-9115
CVE-2024-9115
Patch Status
Unpatched
Unpatched
Published
Sep 25, 2024
Sep 25, 2024
Affected Software
Common Tools for Site
Common Tools for Site
Researcher
CVE-ID
CVE-2024-8919
CVE-2024-8919
Patch Status
Unpatched
Unpatched
Published
Sep 23, 2024
Sep 23, 2024
Affected Software
Confetti Fall Animation
Confetti Fall Animation
Researcher
CVE-ID
CVE-2024-8858
CVE-2024-8858
Patch Status
Patched
Patched
Published
Sep 24, 2024
Sep 24, 2024
Affected Software
Elementor Addons by Livemesh
Elementor Addons by Livemesh
Researcher
CVE-ID
CVE-2024-8546
CVE-2024-8546
Patch Status
Patched
Patched
Published
Sep 24, 2024
Sep 24, 2024
Affected Software
ElementsKit Elementor addons
ElementsKit Elementor addons
Researcher
CVE-ID
CVE-2024-47329
CVE-2024-47329
Patch Status
Patched
Patched
Published
Sep 25, 2024
Sep 25, 2024
Affected Software
ElementsReady Addons for Elementor
ElementsReady Addons for Elementor
Researcher
CVE-ID
CVE-2024-8657
CVE-2024-8657
Patch Status
Patched
Patched
Published
Sep 23, 2024
Sep 23, 2024
Affected Software
Garden Gnome Package
Garden Gnome Package
Researcher
GF Custom Style <= 2.0 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload
6.4
CVE-ID
CVE-2024-9173
CVE-2024-9173
Patch Status
Unpatched
Unpatched
Published
Sep 25, 2024
Sep 25, 2024
Affected Software
GF Custom Style
GF Custom Style
Researcher
CVE-ID
CVE-2024-9069
CVE-2024-9069
Patch Status
Unpatched
Unpatched
Published
Sep 24, 2024
Sep 24, 2024
CVE-ID
CVE-2024-44027
CVE-2024-44027
Patch Status
Patched
Patched
Published
Sep 24, 2024
Sep 24, 2024
Affected Software
Gum Elementor Addon
Gum Elementor Addon
Researcher
CVE-ID
CVE-2024-44035
CVE-2024-44035
Patch Status
Patched
Patched
Published
Sep 23, 2024
Sep 23, 2024
Affected Software
Gum Elementor Addon
Gum Elementor Addon
Researcher
CVE-ID
CVE-2024-9073
CVE-2024-9073
Patch Status
Unpatched
Unpatched
Published
Sep 24, 2024
Sep 24, 2024
Affected Software
GutenGeek Free Gutenberg Blocks for WordPress
GutenGeek Free Gutenberg Blocks for WordPress
Researcher
CVE-ID
CVE-2024-9125
CVE-2024-9125
Patch Status
Unpatched
Unpatched
Published
Sep 25, 2024
Sep 25, 2024
Affected Software
king_IE
king_IE
Researcher
CVE-ID
CVE-2024-9117
CVE-2024-9117
Patch Status
Unpatched
Unpatched
Published
Sep 25, 2024
Sep 25, 2024
Affected Software
Mapplic Lite
Mapplic Lite
Researcher
CVE-ID
CVE-2024-9024
CVE-2024-9024
Patch Status
Unpatched
Unpatched
Published
Sep 24, 2024
Sep 24, 2024
Affected Software
Material Design Icons
Material Design Icons
Researcher
CVE-ID
CVE-2024-44024
CVE-2024-44024
Patch Status
Unpatched
Unpatched
Published
Sep 24, 2024
Sep 24, 2024
Affected Software
Medical Addon for Elementor
Medical Addon for Elementor
Researcher
CVE-ID
CVE-2024-47343
CVE-2024-47343
Patch Status
Patched
Patched
Published
Sep 27, 2024
Sep 27, 2024
Affected Software
Mega Elements – Addons for Elementor
Mega Elements – Addons for Elementor
Researcher
CVE-ID
CVE-2024-47307
CVE-2024-47307
Patch Status
Patched
Patched
Published
Sep 25, 2024
Sep 25, 2024
Affected Software
Meta Slider and Carousel with Lightbox
Meta Slider and Carousel with Lightbox
Researcher
CVE-ID
CVE-2024-47396
CVE-2024-47396
Patch Status
Patched
Patched
Published
Sep 25, 2024
Sep 25, 2024
Affected Software
Move Addons for Elementor
Move Addons for Elementor
Researcher
CVE-ID
CVE-2024-44025
CVE-2024-44025
Patch Status
Patched
Patched
Published
Sep 24, 2024
Sep 24, 2024
Affected Software
NiceJob
NiceJob
Researcher
CVE-ID
CVE-2024-9068
CVE-2024-9068
Patch Status
Unpatched
Unpatched
Published
Sep 24, 2024
Sep 24, 2024
Affected Software
OneElements – Best Elementor Addons
OneElements – Best Elementor Addons
Researcher
CVE-ID
CVE-2024-8991
CVE-2024-8991
Patch Status
Patched
Patched
Published
Sep 26, 2024
Sep 26, 2024
Affected Software
OSM – OpenStreetMap
OSM – OpenStreetMap
Researcher
Post Grid and Gutenberg Blocks <= 2.2.89 - Authenticated (Contributor+) Stored Cross-Site Scripting
6.4
CVE-ID
CVE-2024-47340
CVE-2024-47340
Patch Status
Patched
Patched
Published
Sep 27, 2024
Sep 27, 2024
Affected Software
Post Grid and Gutenberg Blocks
Post Grid and Gutenberg Blocks
Researcher
CVE-ID
CVE-2024-8681
CVE-2024-8681
Patch Status
Patched
Patched
Published
Sep 26, 2024
Sep 26, 2024
Affected Software
Premium Addons for Elementor
Premium Addons for Elementor
Researcher
CVE-ID
CVE-2024-44033
CVE-2024-44033
Patch Status
Patched
Patched
Published
Sep 24, 2024
Sep 24, 2024
Affected Software
Primary Addon for Elementor
Primary Addon for Elementor
Researcher
CVE-ID
CVE-2024-8861
CVE-2024-8861
Patch Status
Patched
Patched
Published
Sep 25, 2024
Sep 25, 2024
Affected Software
ProfileGrid – User Profiles, Groups and Communities
ProfileGrid – User Profiles, Groups and Communities
Researcher
CVE-ID
CVE-2024-8267
CVE-2024-8267
Patch Status
Patched
Patched
Published
Sep 23, 2024
Sep 23, 2024
Researcher
CVE-ID
CVE-2024-44032
CVE-2024-44032
Patch Status
Patched
Patched
Published
Sep 24, 2024
Sep 24, 2024
Affected Software
Restaurant & Cafe Addon for Elementor
Restaurant & Cafe Addon for Elementor
Researcher
Review & testimonial widgets <= 1.0.5 - Authenticated (Contributor+) Stored Cross-Site Scripting
6.4
CVE-ID
CVE-2024-44022
CVE-2024-44022
Patch Status
Unpatched
Unpatched
Published
Sep 24, 2024
Sep 24, 2024
Affected Software
Review & testimonial widgets
Review & testimonial widgets
Researcher
CVE-ID
CVE-2024-8668
CVE-2024-8668
Patch Status
Patched
Patched
Published
Sep 24, 2024
Sep 24, 2024
CVE-ID
CVE-2024-8547
CVE-2024-8547
Patch Status
Unpatched
Unpatched
Published
Sep 27, 2024
Sep 27, 2024
Affected Software
Simple Popup Plugin
Simple Popup Plugin
Researcher
CVE-ID
CVE-2024-47332
CVE-2024-47332
Patch Status
Patched
Patched
Published
Sep 26, 2024
Sep 26, 2024
CVE-ID
CVE-2024-47345
CVE-2024-47345
Patch Status
Patched
Patched
Published
Sep 27, 2024
Sep 27, 2024
Affected Software
Starter Templates — Elementor, WordPress & Beaver Builder Templates
Starter Templates — Elementor, WordPress & Beaver Builder Templates
Researcher
CVE-ID
CVE-2024-9127
CVE-2024-9127
Patch Status
Unpatched
Unpatched
Published
Sep 25, 2024
Sep 25, 2024
Affected Software
Super Testimonials
Super Testimonials
Researcher
CVE-ID
CVE-2024-9177
CVE-2024-9177
Patch Status
Patched
Patched
Published
Sep 26, 2024
Sep 26, 2024
Affected Software
Themedy Toolbox
Themedy Toolbox
Researcher
Themesflat Addons For Elementor <= 2.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
6.4
CVE-ID
CVE-2024-8515
CVE-2024-8515
Patch Status
Unpatched
Unpatched
Published
Sep 24, 2024
Sep 24, 2024
Affected Software
Themesflat Addons For Elementor
Themesflat Addons For Elementor
Researcher
CVE-ID
CVE-2024-8103
CVE-2024-8103
Patch Status
Unpatched
Unpatched
Published
Sep 23, 2024
Sep 23, 2024
Affected Software
WP Category Dropdown
WP Category Dropdown
Researcher
WP GPX Maps <= 1.7.08 - Authenticated (Contributor+) Stored Cross-Site Scripting via sgpx Shortcode
6.4
CVE-ID
CVE-2024-9028
CVE-2024-9028
Patch Status
Unpatched
Unpatched
Published
Sep 24, 2024
Sep 24, 2024
Affected Software
WP GPX Maps
WP GPX Maps
Researcher
CVE-ID
CVE-2024-9023
CVE-2024-9023
Patch Status
Unpatched
Unpatched
Published
Sep 27, 2024
Sep 27, 2024
Affected Software
WP-WebAuthn
WP-WebAuthn
Researcher
CVE-ID
CVE-2024-9027
CVE-2024-9027
Patch Status
Unpatched
Unpatched
Published
Sep 24, 2024
Sep 24, 2024
Affected Software
WPZOOM Shortcodes
WPZOOM Shortcodes
Researcher
CVE-ID
CVE-2024-6590
CVE-2024-6590
Patch Status
Unpatched
Unpatched
Published
Sep 24, 2024
Sep 24, 2024
CVE-ID
CVE-2024-8741
CVE-2024-8741
Patch Status
Patched
Patched
Published
Sep 24, 2024
Sep 24, 2024
Affected Software
Beam me up Scotty – Back to Top Button
Beam me up Scotty – Back to Top Button
Researcher
CVE-ID
CVE-2024-8803
CVE-2024-8803
Patch Status
Patched
Patched
Published
Sep 25, 2024
Sep 25, 2024
Affected Software
Bulk NoIndex & NoFollow Toolkit
Bulk NoIndex & NoFollow Toolkit
Researcher
CVE-ID
CVE-2024-47347
CVE-2024-47347
Patch Status
Patched
Patched
Published
Sep 27, 2024
Sep 27, 2024
Affected Software
Chartify – WordPress Chart Plugin
Chartify – WordPress Chart Plugin
Researcher
CVE-ID
CVE-2024-8788
CVE-2024-8788
Patch Status
Patched
Patched
Published
Sep 27, 2024
Sep 27, 2024
Affected Software
EU/UK VAT Manager for WooCommerce
EU/UK VAT Manager for WooCommerce
Researcher
CVE-ID
CVE-2024-47327
CVE-2024-47327
Patch Status
Patched
Patched
Published
Sep 25, 2024
Sep 25, 2024
Affected Software
GEO my WP
GEO my WP
Researcher
CVE-ID
CVE-2024-8712
CVE-2024-8712
Patch Status
Patched
Patched
Published
Sep 27, 2024
Sep 27, 2024
Affected Software
GTM Server Side
GTM Server Side
Researcher
CVE-ID
CVE-2024-8713
CVE-2024-8713
Patch Status
Unpatched
Unpatched
Published
Sep 24, 2024
Sep 24, 2024
Affected Software
Kodex Posts likes
Kodex Posts likes
Researcher
CVE-ID
CVE-2024-8662
CVE-2024-8662
Patch Status
Patched
Patched
Published
Sep 23, 2024
Sep 23, 2024
Affected Software
Koko Analytics
Koko Analytics
Researcher
CVE-ID
CVE-2024-47333
CVE-2024-47333
Patch Status
Patched
Patched
Published
Sep 26, 2024
Sep 26, 2024
Affected Software
Loops & Logic
Loops & Logic
Researcher
CVE-ID
CVE-2024-47346
CVE-2024-47346
Patch Status
Patched
Patched
Published
Sep 27, 2024
Sep 27, 2024
Affected Software
Newsletters
Newsletters
Researcher
CVE-ID
CVE-2024-8544
CVE-2024-8544
Patch Status
Patched
Patched
Published
Sep 23, 2024
Sep 23, 2024
Affected Software
Pixel Cat – Conversion Pixel Manager
Pixel Cat – Conversion Pixel Manager
Researcher
CVE-ID
CVE-2024-47306
CVE-2024-47306
Patch Status
Patched
Patched
Published
Sep 25, 2024
Sep 25, 2024
Affected Software
Secure Copy Content Protection and Content Locking
Secure Copy Content Protection and Content Locking
Researcher
CVE-ID
CVE-2024-8738
CVE-2024-8738
Patch Status
Patched
Patched
Published
Sep 23, 2024
Sep 23, 2024
Affected Software
Seriously Simple Stats
Seriously Simple Stats
Researcher
CVE-ID
CVE-2024-47326
CVE-2024-47326
Patch Status
Patched
Patched
Published
Sep 25, 2024
Sep 25, 2024
Affected Software
Share This Image
Share This Image
Researcher
CVE-ID
CVE-2024-8549
CVE-2024-8549
Patch Status
Patched
Patched
Published
Sep 24, 2024
Sep 24, 2024
Affected Software
Simple Calendar – Google Calendar Plugin
Simple Calendar – Google Calendar Plugin
Researcher
CVE-ID
CVE-2024-8715
CVE-2024-8715
Patch Status
Patched
Patched
Published
Sep 27, 2024
Sep 27, 2024
Affected Software
Simple LDAP Login
Simple LDAP Login
Researcher
CVE-ID
CVE-2024-8872
CVE-2024-8872
Patch Status
Patched
Patched
Published
Sep 25, 2024
Sep 25, 2024
Affected Software
Store Hours for WooCommerce
Store Hours for WooCommerce
Researcher
CVE-ID
CVE-2024-44029
CVE-2024-44029
Patch Status
Unpatched
Unpatched
Published
Sep 24, 2024
Sep 24, 2024
Affected Software
Viala
Viala
Researcher
CVE-ID
CVE-2024-47339
CVE-2024-47339
Patch Status
Patched
Patched
Published
Sep 27, 2024
Sep 27, 2024
Affected Software
Mail logging – WP Mail Catcher
Mail logging – WP Mail Catcher
Researcher
CVE-ID
CVE-2024-47322
CVE-2024-47322
Patch Status
Patched
Patched
Published
Sep 25, 2024
Sep 25, 2024
Affected Software
WP Timeline – Vertical and Horizontal timeline plugin
WP Timeline – Vertical and Horizontal timeline plugin
Researcher
CVE-ID
CVE-2024-47341
CVE-2024-47341
Patch Status
Patched
Patched
Published
Sep 27, 2024
Sep 27, 2024
Affected Software
WP-DownloadManager
WP-DownloadManager
Researcher
CVE-ID
CVE-2024-47320
CVE-2024-47320
Patch Status
Patched
Patched
Published
Sep 25, 2024
Sep 25, 2024
Affected Software
WS Form LITE – Drag & Drop Contact Form Builder for WordPress
WS Form LITE – Drag & Drop Contact Form Builder for WordPress
Researcher
CVE-ID
CVE-2024-8716
CVE-2024-8716
Patch Status
Patched
Patched
Published
Sep 23, 2024
Sep 23, 2024
Affected Software
XT Ajax Add To Cart for WooCommerce
XT Ajax Add To Cart for WooCommerce
Researcher
CVE-ID
CVE-2024-8633
CVE-2024-8633
Patch Status
Patched
Patched
Published
Sep 25, 2024
Sep 25, 2024
Affected Software
Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder
Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder
Researcher
CVE-ID
CVE-2024-9169
CVE-2024-9169
Patch Status
Patched
Patched
Published
Sep 24, 2024
Sep 24, 2024
Affected Software
LiteSpeed Cache
LiteSpeed Cache
Researcher
CVE-ID
CVE-2024-8628
CVE-2024-8628
Patch Status
Patched
Patched
Published
Sep 23, 2024
Sep 23, 2024
Researcher
CVE-ID
CVE-2024-8794
CVE-2024-8794
Patch Status
Patched
Patched
Published
Sep 23, 2024
Sep 23, 2024
Affected Software
BA Book Everything
BA Book Everything
Researcher
CVE-ID
CVE-2024-7426
CVE-2024-7426
Patch Status
Patched
Patched
Published
Sep 24, 2024
Sep 24, 2024
Affected Software
Community by PeepSo – Social Network, Membership, Registration, User Profiles, Premium – Mobile App
Community by PeepSo – Social Network, Membership, Registration, User Profiles, Premium – Mobile App
Researcher
CVE-ID
CVE-2024-9189
CVE-2024-9189
Patch Status
Patched
Patched
Published
Sep 27, 2024
Sep 27, 2024
Affected Software
EU/UK VAT Manager for WooCommerce
EU/UK VAT Manager for WooCommerce
Researcher
CVE-ID
CVE-2024-47302
CVE-2024-47302
Patch Status
Patched
Patched
Published
Sep 25, 2024
Sep 25, 2024
Affected Software
Fluent Support – Helpdesk & Customer Support Ticket System
Fluent Support – Helpdesk & Customer Support Ticket System
Researcher
CVE-ID
CVE-2024-7491
CVE-2024-7491
Patch Status
Patched
Patched
Published
Sep 24, 2024
Sep 24, 2024
Affected Software
HUSKY – Products Filter Professional for WooCommerce
HUSKY – Products Filter Professional for WooCommerce
Researcher
CVE-ID
CVE-2024-8658
CVE-2024-8658
Patch Status
Patched
Patched
Published
Sep 24, 2024
Sep 24, 2024
CVE-ID
CVE-2024-8678
CVE-2024-8678
Patch Status
Patched
Patched
Published
Sep 24, 2024
Sep 24, 2024
Affected Software
Revolut Gateway for WooCommerce
Revolut Gateway for WooCommerce
Researchers
CVE-ID
CVE-2024-9025
CVE-2024-9025
Patch Status
Patched
Patched
Published
Sep 25, 2024
Sep 25, 2024
Affected Software
Sight – Professional Image Gallery and Portfolio
Sight – Professional Image Gallery and Portfolio
Researcher
CVE-ID
CVE-2024-44038
CVE-2024-44038
Patch Status
Patched
Patched
Published
Sep 23, 2024
Sep 23, 2024
Affected Software
Sunshine Photo Cart: Free Client Photo Galleries for Photographers
Sunshine Photo Cart: Free Client Photo Galleries for Photographers
Researcher
CVE-ID
CVE-2024-47308
CVE-2024-47308
Patch Status
Patched
Patched
Published
Sep 25, 2024
Sep 25, 2024
Affected Software
Templately – Elementor & Gutenberg Template Library: 5000+ Free & Pro Ready Templates & Cloud!
Templately – Elementor & Gutenberg Template Library: 5000+ Free & Pro Ready Templates & Cloud!
Researcher
CVE-ID
CVE-2024-44021
CVE-2024-44021
Patch Status
Unpatched
Unpatched
Published
Sep 24, 2024
Sep 24, 2024
Affected Software
Truepush – Most Affordable Web Push Notifications
Truepush – Most Affordable Web Push Notifications
Researcher
CVE-ID
CVE-2024-47344
CVE-2024-47344
Patch Status
Patched
Patched
Published
Sep 27, 2024
Sep 27, 2024
Affected Software
Directory Listings WordPress plugin – uListing
Directory Listings WordPress plugin – uListing
Researcher
CVE-ID
CVE-2024-47311
CVE-2024-47311
Patch Status
Patched
Patched
Published
Sep 25, 2024
Sep 25, 2024
Affected Software
Wheel of Life: Coaching and Assessment Tool for Life Coach
Wheel of Life: Coaching and Assessment Tool for Life Coach
Researcher
CVE-ID
CVE-2024-47328
CVE-2024-47328
Patch Status
Patched
Patched
Published
Sep 25, 2024
Sep 25, 2024
Affected Software
Recover WooCommerce Cart Abandonment, Newsletter, Email Marketing, Marketing Automation By FunnelKit
Recover WooCommerce Cart Abandonment, Newsletter, Email Marketing, Marketing Automation By FunnelKit
Researcher
CVE-ID
CVE-2024-47335
CVE-2024-47335
Patch Status
Patched
Patched
Published
Sep 26, 2024
Sep 26, 2024
CVE-ID
CVE-2024-9146
CVE-2024-9146
Patch Status
Patched
Patched
Published
Sep 24, 2024
Sep 24, 2024
Affected Software
CSS JS Files
CSS JS Files
Researcher
CVE-ID
CVE-2024-47338
CVE-2024-47338
Patch Status
Unpatched
Unpatched
Published
Sep 26, 2024
Sep 26, 2024
Affected Software
WPExperts Square For GiveWP
WPExperts Square For GiveWP
Researcher
CVE-ID
CVE-2024-47334
CVE-2024-47334
Patch Status
Patched
Patched
Published
Sep 26, 2024
Sep 26, 2024
Affected Software
Zoho Flow for WordPress
Zoho Flow for WordPress
Researcher
CVE-ID
CVE-2024-3866
CVE-2024-3866
Patch Status
Patched
Patched
Published
Sep 24, 2024
Sep 24, 2024
Affected Software
Ninja Forms – The Contact Form Builder That Grows With You
Ninja Forms – The Contact Form Builder That Grows With You
Researcher
CVE-ID
CVE-2024-47299
CVE-2024-47299
Patch Status
Patched
Patched
Published
Sep 24, 2024
Sep 24, 2024
CVE-ID
CVE-2024-44036
CVE-2024-44036
Patch Status
Unpatched
Unpatched
Published
Sep 23, 2024
Sep 23, 2024
Affected Software
Kodex Posts likes
Kodex Posts likes
Researcher
CVE-ID
CVE-2024-44037
CVE-2024-44037
Patch Status
Unpatched
Unpatched
Published
Sep 23, 2024
Sep 23, 2024
Affected Software
Multipurpose Ticket Booking Manager (Bus/Train/Ferry/Boat/Shuttle) | WordPress Plugin
Multipurpose Ticket Booking Manager (Bus/Train/Ferry/Boat/Shuttle) | WordPress Plugin
Researcher
CVE-ID
CVE-2024-44043
CVE-2024-44043
Patch Status
Patched
Patched
Published
Sep 23, 2024
Sep 23, 2024
Affected Software
Photo Gallery by 10Web – Mobile-Friendly Image Gallery
Photo Gallery by 10Web – Mobile-Friendly Image Gallery
Researcher
CVE-ID
CVE-2024-44040
CVE-2024-44040
Patch Status
Patched
Patched
Published
Sep 23, 2024
Sep 23, 2024
Affected Software
ShiftController Employee Shift Scheduling
ShiftController Employee Shift Scheduling
Researcher
CVE-ID
CVE-2024-47336
CVE-2024-47336
Patch Status
Unpatched
Unpatched
Published
Sep 26, 2024
Sep 26, 2024
Affected Software
Terms descriptions
Terms descriptions
Researcher
CVE-ID
CVE-2024-44046
CVE-2024-44046
Patch Status
Patched
Patched
Published
Sep 23, 2024
Sep 23, 2024
Affected Software
Themify – WooCommerce Product Filter
Themify – WooCommerce Product Filter
Researcher
CVE-ID
CVE-2024-7769
CVE-2024-7769
Patch Status
Unpatched
Unpatched
Published
Sep 24, 2024
Sep 24, 2024
Affected Software
ClickSold IDX
ClickSold IDX
Researcher
CVE-ID
CVE-2024-44045
CVE-2024-44045
Patch Status
Patched
Patched
Published
Sep 23, 2024
Sep 23, 2024
Affected Software
WP Abstracts
WP Abstracts
Researcher
CVE-ID
CVE-2024-44042
CVE-2024-44042
Patch Status
Patched
Patched
Published
Sep 23, 2024
Sep 23, 2024
Affected Software
WP Datepicker
WP Datepicker
Researcher
CVE-ID
CVE-2024-8189
CVE-2024-8189
Patch Status
Patched
Patched
Published
Sep 27, 2024
Sep 27, 2024
Affected Software
WP MultiTasking – WP Utilities
WP MultiTasking – WP Utilities
Researcher
CVE-ID
CVE-2024-44039
CVE-2024-44039
Patch Status
Patched
Patched
Published
Sep 23, 2024
Sep 23, 2024
Affected Software
WP Travel – Ultimate Travel Booking System, Tour Management Engine
WP Travel – Ultimate Travel Booking System, Tour Management Engine
Researcher
CVE-ID
CVE-2024-47317
CVE-2024-47317
Patch Status
Patched
Patched
Published
Sep 25, 2024
Sep 25, 2024
Affected Software
Ads by WPQuads – Adsense Ads, Banner Ads, Popup Ads
Ads by WPQuads – Adsense Ads, Banner Ads, Popup Ads
Researcher
CVE-ID
CVE-2024-8432
CVE-2024-8432
Patch Status
Patched
Patched
Published
Sep 23, 2024
Sep 23, 2024
Affected Software
Appointment & Event Booking Calendar Plugin – Webba Booking
Appointment & Event Booking Calendar Plugin – Webba Booking
Researcher
CVE-ID
CVE-2024-43338
CVE-2024-43338
Patch Status
Unpatched
Unpatched
Published
Sep 24, 2024
Sep 24, 2024
Affected Software
Crowdsignal Dashboard – Polls, Surveys & more
Crowdsignal Dashboard – Polls, Surveys & more
Researcher
CVE-ID
CVE-2024-8552
CVE-2024-8552
Patch Status
Patched
Patched
Published
Sep 25, 2024
Sep 25, 2024
Affected Software
Download Monitor
Download Monitor
Researcher
CVE-ID
CVE-2024-8434
CVE-2024-8434
Patch Status
Patched
Patched
Published
Sep 24, 2024
Sep 24, 2024
Affected Software
Easy Mega Menu Plugin for WordPress – ThemeHunk
Easy Mega Menu Plugin for WordPress – ThemeHunk
Researcher
CVE-ID
CVE-2024-8476
CVE-2024-8476
Patch Status
Patched
Patched
Published
Sep 24, 2024
Sep 24, 2024
Affected Software
Easy PayPal Events
Easy PayPal Events
Researcher
CVE-ID
CVE-2024-8771
CVE-2024-8771
Patch Status
Patched
Patched
Published
Sep 25, 2024
Sep 25, 2024
CVE-ID
CVE-2024-47315
CVE-2024-47315
Patch Status
Patched
Patched
Published
Sep 25, 2024
Sep 25, 2024
Affected Software
GiveWP – Donation Plugin and Fundraising Platform
GiveWP – Donation Plugin and Fundraising Platform
Researcher
Happy Addons for Elementor <= 3.12.2 - Authenticated (Contributor+) Sensitive Information Exposure
4.3
CVE-ID
CVE-2024-8801
CVE-2024-8801
Patch Status
Patched
Patched
Published
Sep 23, 2024
Sep 23, 2024
Affected Software
Happy Addons for Elementor
Happy Addons for Elementor
Researcher
CVE-ID
CVE-2024-8910
CVE-2024-8910
Patch Status
Patched
Patched
Published
Sep 24, 2024
Sep 24, 2024
Affected Software
HT Mega – Absolute Addons For Elementor
HT Mega – Absolute Addons For Elementor
Researcher
CVE-ID
CVE-2024-44031
CVE-2024-44031
Patch Status
Patched
Patched
Published
Sep 24, 2024
Sep 24, 2024
Affected Software
JoomSport – for Sports: Team & League, Football, Hockey & more
JoomSport – for Sports: Team & League, Football, Hockey & more
Researcher
CVE-ID
CVE-2024-47337
CVE-2024-47337
Patch Status
Unpatched
Unpatched
Published
Sep 26, 2024
Sep 26, 2024
Affected Software
Joy Of Text Lite – SMS messaging for WordPress.
Joy Of Text Lite – SMS messaging for WordPress.
Researcher
MAS Static Content <= 1.0.8 - Authenticated (Contributor+) Private Static Content Page Disclosure
4.3
CVE-ID
CVE-2024-8483
CVE-2024-8483
Patch Status
Patched
Patched
Published
Sep 24, 2024
Sep 24, 2024
Affected Software
MAS Static Content
MAS Static Content
Researcher
CVE-ID
CVE-2024-7386
CVE-2024-7386
Patch Status
Patched
Patched
Published
Sep 24, 2024
Sep 24, 2024
Affected Software
Premium Packages – Sell Digital Products Securely
Premium Packages – Sell Digital Products Securely
Researcher
CVE-ID
CVE-2024-47318
CVE-2024-47318
Patch Status
Patched
Patched
Published
Sep 25, 2024
Sep 25, 2024
Affected Software
PWA for WP & AMP
PWA for WP & AMP
Researcher
CVE-ID
CVE-2024-47316
CVE-2024-47316
Patch Status
Patched
Patched
Published
Sep 25, 2024
Sep 25, 2024
Affected Software
Salon Booking System
Salon Booking System
Researcher
CVE-ID
CVE-2024-47314
CVE-2024-47314
Patch Status
Patched
Patched
Published
Sep 25, 2024
Sep 25, 2024
Affected Software
Sunshine Photo Cart: Free Client Photo Galleries for Photographers
Sunshine Photo Cart: Free Client Photo Galleries for Photographers
Researcher
CVE-ID
CVE-2024-8516
CVE-2024-8516
Patch Status
Unpatched
Unpatched
Published
Sep 24, 2024
Sep 24, 2024
Affected Software
Themesflat Addons For Elementor
Themesflat Addons For Elementor
Researcher
CVE-ID
CVE-2024-47305
CVE-2024-47305
Patch Status
Patched
Patched
Published
Sep 25, 2024
Sep 25, 2024
Affected Software
Use Any Font | Custom Font Uploader
Use Any Font | Custom Font Uploader
Researcher
CVE-ID
CVE-2024-8437
CVE-2024-8437
Patch Status
Unpatched
Unpatched
Published
Sep 23, 2024
Sep 23, 2024
Affected Software
WP Easy Gallery – WordPress Gallery Plugin
WP Easy Gallery – WordPress Gallery Plugin
Researcher
WP Free SSL – Free SSL Certificate for WordPress and force HTTPS <= 1.2.6 - Missing Authorization
4.3
CVE-ID
CVE-2024-44020
CVE-2024-44020
Patch Status
Unpatched
Unpatched
Published
Sep 24, 2024
Sep 24, 2024
Affected Software
WP Free SSL – Free SSL Certificate for WordPress and force HTTPS
WP Free SSL – Free SSL Certificate for WordPress and force HTTPS
Researcher
CVE-ID
CVE-2023-5359
CVE-2023-5359
Patch Status
Patched
Patched
Published
Sep 23, 2024
Sep 23, 2024
Affected Software
W3 Total Cache
W3 Total Cache
Researcher
CVE-ID
CVE-2024-8350
CVE-2024-8350
Patch Status
Patched
Patched
Published
Sep 24, 2024
Sep 24, 2024
Affected Software
Uncanny Groups for LearnDash
Uncanny Groups for LearnDash
Researcher
As a reminder, Wordfence has curated an industry leading vulnerability database with all known WordPress core, theme, and plugin vulnerabilities known as Wordfence Intelligence.
This database is continuously updated, maintained, and populated by Wordfence’s highly credentialed and experienced vulnerability researchers through in-house vulnerability research, vulnerability researchers submitting directly to us through our Bug Bounty Program, and by monitoring varying sources to capture all publicly available WordPress vulnerability information and adding additional context where we can.
Click here to sign-up for our mailing list to receive weekly vulnerability reports like this and important WordPress Security reports in your inbox the moment they are published.
Comments