Wordfence Intelligence Weekly WordPress Vulnerability Report (November 11, 2024 to November 17, 2024)
🦸 💥 Calling all superheroes and hunters! Introducing the End of Year Holiday Extravaganza and the WordPress Superhero Challenge for the Wordfence Bug Bounty Program! Through December 9th, 2024:
- All in-scope vulnerability types for WordPress plugins/themes with >= 1,000 active installations are in-scope for ALL researchers
- All plugins and themes with 50-999 active installs hosted in the WordPress.org repository and updated within the last 2 years are in-scope for all researchers!
- Minimum bounty of $5 for all valid in-scope submissions.
- All researchers earn automatic bonuses of between 5% to 180% for valid submissions
- Pending report limits are increased for all
- It’s possible to earn up to $31,200 for high impact vulnerabilities!
Last week, there were 163 vulnerabilities disclosed in 148 WordPress Plugins and 4 WordPress Themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 49 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilities in this report now to ensure your site is not affected.
Our mission with Wordfence Intelligence is to make valuable vulnerability information easily accessible to everyone, like the WordPress community, so individuals and organizations alike can utilize that data to make the internet more secure. That is why the Wordfence Intelligence user interface, vulnerability API, webhook integration, and Wordfence CLI Vulnerability Scanner are all completely free to access and utilize both personally and commercially, and why we are running this weekly vulnerability report.
Enterprises, Hosting Providers, and even Individuals can use the Wordfence CLI Vulnerability Scanner to run regular vulnerability scans across the sites they protect. Or alternatively, utilize the vulnerability Database API to receive a complete dump of our database of over 20,000 vulnerabilities and then utilize the webhook integration to stay on top of the newest vulnerabilities added in real-time, as well as any updates made to the database, all for free.
Click here to sign-up for our mailing list to receive weekly vulnerability reports like this and important WordPress Security reports in your inbox the moment they are published.
New Firewall Rules Deployed Last Week
The Wordfence Threat Intelligence Team reviews each vulnerability to determine impact and severity, along with assessing the likelihood of exploitation, to verify that the Wordfence Firewall provides sufficient protection.
The team rolled out enhanced protection via firewall rules for the following vulnerabilities in real-time to our Premium, Care, and Response customers last week:
- WordPress GDPR <= 2.0.2 – Missing Authorization to Unauthenticated Arbitrary User Deletion
- WAF-RULE-766 – Data redacted while we work with the vendor on a patch.
- WAF-RULE-767 – Data redacted while we work with the vendor on a patch.
- WAF-RULE-768 – Data redacted while we work with the vendor on a patch.
- WAF-RULE-769 – Data redacted while we work with the vendor on a patch.
Wordfence Premium, Care, and Response customers received this protection immediately, while users still running the free version of Wordfence will receive this enhanced protection after a 30 day delay.
Total Unpatched & Patched Vulnerabilities Last Week
| Patch Status | Number of Vulnerabilities |
|---|---|
| Patched | 74 |
| Unpatched | 89 |
Total Vulnerabilities by CVSS Severity Last Week
| Severity Rating | Number of Vulnerabilities |
|---|---|
| Low Severity | 2 |
| Medium Severity | 90 |
| High Severity | 41 |
| Critical Severity | 30 |
Total Vulnerabilities by CWE Type Last Week
| Vulnerability Type by CWE | Number of Vulnerabilities |
|---|---|
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | 52 |
| Missing Authorization | 25 |
| Unrestricted Upload of File with Dangerous Type | 24 |
| Cross-Site Request Forgery (CSRF) | 12 |
| Deserialization of Untrusted Data | 11 |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') | 7 |
| Authorization Bypass Through User-Controlled Key | 5 |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') | 5 |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') | 5 |
| Authentication Bypass Using an Alternate Path or Channel | 4 |
| Improper Control of Generation of Code ('Code Injection') | 4 |
| Exposure of Sensitive Information to an Unauthorized Actor | 2 |
| Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) | 2 |
| Dependency on Vulnerable Third-Party Component | 1 |
| Exposure of Data Element to Wrong Session | 1 |
| External Control of File Name or Path | 1 |
| Improper Neutralization of Special Elements Used in a Template Engine | 1 |
| Improper Privilege Management | 1 |
Researchers That Contributed to WordPress Security Last Week
| Researcher Name | Number of Vulnerabilities |
|---|---|
| 22 | |
| 17 | |
| 14 | |
| 8 | |
| 7 | |
| 7 | |
| 6 | |
| 5 | |
| 5 | |
| 5 | |
| 5 | |
| 4 | |
| 4 | |
| 4 | |
| 4 | |
| 3 | |
| 3 | |
| 3 | |
| 3 | |
| 2 | |
| 2 | |
| 2 | |
| 2 | |
| 2 | |
| 2 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 |
Are you a security researcher who would like to be featured in our weekly vulnerability report? You can responsibly disclose your WordPress vulnerability discoveries to us and earn a bounty on in-scope vulnerabilities through our Bug Bounty Program. Responsibly disclosing your vulnerability discoveries to us will also get your name added on the Wordfence Intelligence leaderboard along with being mentioned in our weekly vulnerability report.
WordPress Plugins with Reported Vulnerabilities Last Week
| Software Name | Software Slug |
|---|---|
| 404 Error Monitor | 404-error-monitor |
| 404 Solution | 404-solution |
| Admin and Site Enhancements (ASE) | admin-site-enhancements |
| Ads Booster by Ads Pro | free-wp-booster-by-ads-pro |
| Advanced Order Export For WooCommerce | woo-order-export-lite |
| Advanced Personalization | personalization-by-flowcraft |
| AFI – The Easiest Integration Plugin | advanced-form-integration |
| Ai Auto Tool Content Writing Assistant (Gemini Writer, ChatGPT ) All in One | ai-auto-tool |
| AJAX Login and Registration modal popup + inline form | ajax-login-and-registration-modal-popup |
| AJAX Random Posts | ajax-random-posts |
| Aqua SVG Sprite | aqua-svg-sprite |
| B-Banner Slider | b-banner-slider |
| Backup and Staging by WP Time Capsule | wp-time-capsule |
| Blogger 301 Redirect | blogger-301-redirect |
| Boat Rental Plugin for WordPress | boat-rental-system |
| Boostify Header Footer Builder for Elementor | boostify-header-footer-builder |
| Bounce Handler MailPoet 3 | bounce-handler-mailpoet |
| BuddyPress Builder for Elementor – BuddyBuilder | stax-buddy-builder |
| BulkPress | bulkpress |
| Buy one click WooCommerce | buy-one-click-woocommerce |
| CDI – Collect and Deliver Interface for Woocommerce | collect-and-deliver-interface-for-woocommerce |
| CF7 Reply Manager | cf7-reply-manager |
| Chartify – WordPress Chart Plugin | chart-builder |
| Classified Listing – Classified ads & Business Directory Plugin | classified-listing |
| Constant Contact Forms by MailMunch | constant-contact-forms-by-mailmunch |
| Contact Form 7 Redirect & Thank You Page | cf7-redirect-thank-you-page |
| Convert Docx2post | convert-docx2post |
| ConvertCalculator for WordPress | convertcalculator |
| Copy Anything to Clipboard | copy-the-code |
| CSV to html | csv-to-html |
| Customer Reviews for WooCommerce | customer-reviews-woocommerce |
| CYAN Backup | cyan-backup |
| Datasets Manager by Arttia Creative | datasets-manager-by-arttia-creative |
| Devexhub Gallery | devexhub-gallery |
| DigiPass | digipass |
| Disable Admin Notices individually | disable-admin-notices |
| Do That Task | do-that-task |
| Drop Shadow Boxes | drop-shadow-boxes |
| Drozd – Addons for Elementor | drozd-addons-for-elementor |
| Easy CSV Importer BETA | easy-csv-importer |
| EleForms – All In One Form Integration including DB for Elementor | all-contact-form-integration-for-elementor |
| Essential Addons for Elementor – Best Elementor Addon, Templates, Widgets, Kits & WooCommerce Builders | essential-addons-for-elementor-lite |
| Event Tickets with Ticket Scanner | event-tickets-with-ticket-scanner |
| Exclusive Content Password Protect | exclusive-content-password-protect |
| Exclusive Divi – Divi Preloader, Modules for Divi & Extra Theme | exclusive-divi |
| External Database Based Actions | external-database-based-actions |
| Floating Buttons for WooCommerce | shop-assistant-for-woocommerce-jarvis |
| Futurio Extra | futurio-extra |
| Gallerio | gallerio |
| Gallery Manager | fancy-gallery |
| Global Gateway e4 | Payeezy Gateway | | globe-gateway-e4 |
| GPX Viewer | gpx-viewer |
| Hacklog DownloadManager | hacklog-downloadmanager |
| Happy Addons for Elementor | happy-elementor-addons |
| Hash Elements | hash-elements |
| Hebrew Dates | hebrewdates |
| Hide Links | hide-links |
| Hide My WP Ghost – Security & Firewall | hide-my-wp |
| Hive Support | AI-Powered Help Desk, Live Chat & AI Chat Bot Plugin for WordPress | hive-support |
| Instant Image Generator (One Click Image Uploads from Pixabay, Pexels and OpenAI) | ai-image |
| JetWidgets For Elementor | jetwidgets-for-elementor |
| KBucket: Your Curated Content in WordPress | kbucket |
| kineticPay for WooCommerce | kineticpay-for-woocommerce |
| Kognetiks Chatbot for WordPress | chatbot-chatgpt |
| LearnPress Export Import – WordPress extension for LearnPress | learnpress-import-export |
| Linear | linear |
| Lis Video Gallery | lis-video-gallery |
| Login using WordPress Users ( WP as SAML IDP ) | miniorange-wp-as-saml-idp |
| LUNA RADIO PLAYER | lu-radioplayer |
| Mapster WP Maps | mapster-wp-maps |
| Master Addons – Elementor Addons with White Label, Free Widgets, Hover Effects, Conditions, & Animations | master-addons |
| Matix Popup Builder | medma-matix |
| Migration, Backup, Staging – WPvivid Backup & Migration | wpvivid-backuprestore |
| MultiManager WP – Manage All Your WordPress Sites Easily | multimanager-wp |
| Multiple Page Generator Plugin – MPG | multiple-pages-generator-by-porthas |
| Music Player for Elementor – Audio Player & Podcast Player | music-player-for-elementor |
| My Geo Posts Free | my-geo-posts-free |
| NiceJob | nicejob |
| NIX Anti-Spam Light | nix-anti-spam-light |
| PDF Generator Addon for Elementor Page Builder | pdf-generator-addon-for-elementor-page-builder |
| PeproDev WooCommerce Receipt Uploader | pepro-bacs-receipt-upload-for-woocommerce |
| Picsmize | picsmize |
| Pie Register Premium | pie-register-premium |
| PJW Mime Config | pjw-mime-config |
| Podlove Podcast Publisher | podlove-podcasting-plugin-for-wordpress |
| Popularis Extra | popularis-extra |
| Popup Box – Create Countdown, Coupon, Video, Contact Form Popups | ays-popup-box |
| Popup by Supsystic | popup-by-supsystic |
| Post Grid Gutenberg Blocks and WordPress Blog Plugin – PostX | ultimate-post |
| Post SMTP – WordPress SMTP Plugin with Email Logs and Mobile App for Failure Notifications – Gmail SMTP, Office 365, Brevo, Mailgun, Amazon SES and more | post-smtp |
| Premium Packages – Sell Digital Products Securely | wpdm-premium-packages |
| Print PDF Generator and Publisher | nopeamedia |
| Product Delivery Date for WooCommerce – Lite | product-delivery-date-for-woocommerce-lite |
| Push Notifications for WordPress by PushAssist | push-notification-for-wp-by-pushassist |
| Razorpay Payment Button Elementor Plugin | razorpay-payment-button-elementor |
| Razorpay Payment Button Plugin | razorpay-payment-button |
| Real3D Flipbook Lite – 3D FlipBook, PDF Viewer, PDF Embedder | real3d-flipbook-lite |
| Really Simple Security Pro | really-simple-ssl-pro |
| Really Simple Security Pro multisite | really-simple-ssl-pro-multisite |
| Really Simple Security – Simple and Performant Security (formerly Really Simple SSL) | really-simple-ssl |
| Referrer Detector | referrer-detector |
| Relais 2FA | relais-2fa |
| Royal Elementor Addons and Templates | royal-elementor-addons |
| Sage AI: Chatbots, OpenAI GPT-4 Bulk Articles, Dalle-3 Image Generation | ai-content-generator |
| Simple Local Avatars | simple-local-avatars |
| Simple Pricing Table | simple-pricing-table |
| Simple Side Tab | simple-side-tab |
| SimpleForm Contact Form Submissions | simpleform-contact-form-submissions |
| SimpleForm – Contact form made simple | simpleform |
| SK WP Settings Backup | sk-wp-settings-backup |
| Slickstream: Engagement and Conversions | slick-engagement |
| Social Proof (Testimonial) Slider | social-proof-testimonials-slider |
| Steel | steel |
| Styler for Ninja Forms | styler-for-ninja-forms-lite |
| SVG Case Study | case-study |
| SVGPlus | svgplus |
| Team Member – Multi Language Supported Team Plugin | team-showcase-supreme |
| Themify Builder | themify-builder |
| Tutor LMS Elementor Addons | tutor-lms-elementor-addons |
| Twigify | twigify |
| Uix Slideshow | uix-slideshow |
| User Management | user-management |
| W3SPEEDSTER | w3speedster-wp |
| WDES Responsive Mobile Menu | wdes-responsive-mobile-menu |
| WOLF – WordPress Posts Bulk Editor and Manager Professional | bulk-editor |
| WooCommerce Upload Files | woocommerce-upload-files |
| WordPress BasePress Migration Tools | basepress-migration-tools |
| WordPress form builder plugin for contact forms, surveys and quizzes – Tripetto | tripetto |
| WordPress GDPR | wordpress-gdpr |
| WordPress User Extra Fields | wp-user-extra-fields |
| WordPress Video Robot - The Ultimate Video Importer | wp-video-robot |
| WP Activity Log | wp-security-audit-log |
| WP AdCenter – Ad Manager & Adsense Ads | wpadcenter |
| WP Chat App | wp-whatsapp |
| WP Githuber MD – WordPress Markdown Editor | wp-githuber-md |
| WP Job Portal – A Complete Recruitment System for Company or Job Board website | wp-job-portal |
| WP Log Viewer | wp-log-viewer |
| WP Popup Window Maker | easy-popup-lightbox-maker |
| WP Project Manager – Task, team, and project management plugin featuring kanban board and gantt charts | wedevs-project-manager |
| WP Quick Setup | wp-quick-setup |
| wp-login customizer | wp-login-customizer |
| WP-Strava | wp-strava |
| WPForms – Easy Form Builder for WordPress – Contact Forms, Payment Forms, Surveys, & More | wpforms-lite |
| Writer Helper | writer-helper |
| xili-tidy-tags | xili-tidy-tags |
| Yotpo: Product & Photo Reviews for WooCommerce | yotpo-social-reviews-for-woocommerce |
| ZIJ KART | zij-kart |
| 胖鼠采集(Fat Rat Collect) 微信知乎简书腾讯新闻列表分页采集, 还有自动采集、自动发布、自动标签、等多项功能。开源插件 | fat-rat-collect |
WordPress Themes with Reported Vulnerabilities Last Week
| Software Name | Software Slug |
|---|---|
| Airin Blog | airin-blog |
| Gameplan - Event and Gym Fitness WordPress Theme | gameplan |
| reconstruction | reconstruction |
| Xin | xin |
Vulnerability Details
Please note that if you run the Wordfence plugin on your WordPress site, with the scanner enabled, you should’ve already been notified if your site was affected by any of these vulnerabilities. If you’d like to receive real-time notifications whenever a vulnerability is added to the Wordfence Intelligence Vulnerability Database, check out our Slack and HTTP Webhook Integration, which is completely free to utilize.
CVE-ID
CVE-2024-52406
CVE-2024-52406
Patch Status
Unpatched
Unpatched
Published
Nov 13, 2024
Nov 13, 2024
Affected Software
CSV to html
CSV to html
Researcher
CVE-ID
CVE-2024-52428
CVE-2024-52428
Patch Status
Unpatched
Unpatched
Published
Nov 15, 2024
Nov 15, 2024
Affected Software
Ads Booster by Ads Pro
Ads Booster by Ads Pro
Researcher
CVE-ID
CVE-2024-52411
CVE-2024-52411
Patch Status
Unpatched
Unpatched
Published
Nov 13, 2024
Nov 13, 2024
Affected Software
Advanced Personalization
Advanced Personalization
Researcher
CVE-ID
CVE-2024-52413
CVE-2024-52413
Patch Status
Unpatched
Unpatched
Published
Nov 13, 2024
Nov 13, 2024
Affected Software
Airin Blog
Airin Blog
Researcher
CVE-ID
CVE-2024-52409
CVE-2024-52409
Patch Status
Unpatched
Unpatched
Published
Nov 13, 2024
Nov 13, 2024
Affected Software
AJAX Random Posts
AJAX Random Posts
Researcher
CVE-ID
CVE-2024-8856
CVE-2024-8856
Patch Status
Patched
Patched
Published
Nov 15, 2024
Nov 15, 2024
Affected Software
Backup and Staging by WP Time Capsule
Backup and Staging by WP Time Capsule
Researcher
CVE-ID
CVE-2024-52376
CVE-2024-52376
Patch Status
Unpatched
Unpatched
Published
Nov 11, 2024
Nov 11, 2024
Affected Software
Boat Rental Plugin for WordPress
Boat Rental Plugin for WordPress
Researcher
CVE-ID
CVE-2024-10571
CVE-2024-10571
Patch Status
Patched
Patched
Published
Nov 13, 2024
Nov 13, 2024
Affected Software
Chartify – WordPress Chart Plugin
Chartify – WordPress Chart Plugin
Researcher
CVE-ID
CVE-2024-52375
CVE-2024-52375
Patch Status
Unpatched
Unpatched
Published
Nov 11, 2024
Nov 11, 2024
Affected Software
Datasets Manager by Arttia Creative
Datasets Manager by Arttia Creative
Researcher
CVE-ID
CVE-2024-52373
CVE-2024-52373
Patch Status
Unpatched
Unpatched
Published
Nov 11, 2024
Nov 11, 2024
Affected Software
Devexhub Gallery
Devexhub Gallery
Researcher
CVE-ID
CVE-2024-52374
CVE-2024-52374
Patch Status
Unpatched
Unpatched
Published
Nov 11, 2024
Nov 11, 2024
Affected Software
Do That Task
Do That Task
Researcher
CVE-ID
CVE-2024-52372
CVE-2024-52372
Patch Status
Unpatched
Unpatched
Published
Nov 11, 2024
Nov 11, 2024
Affected Software
Easy CSV Importer BETA
Easy CSV Importer BETA
Researcher
CVE-ID
CVE-2024-52377
CVE-2024-52377
Patch Status
Unpatched
Unpatched
Published
Nov 11, 2024
Nov 11, 2024
Researcher
CVE-ID
CVE-2024-52379
CVE-2024-52379
Patch Status
Patched
Patched
Published
Nov 11, 2024
Nov 11, 2024
Affected Software
kineticPay for WooCommerce
kineticPay for WooCommerce
Researcher
CVE-ID
CVE-2024-52430
CVE-2024-52430
Patch Status
Unpatched
Unpatched
Published
Nov 15, 2024
Nov 15, 2024
Affected Software
Lis Video Gallery
Lis Video Gallery
Researcher
CVE-ID
CVE-2024-52382
CVE-2024-52382
Patch Status
Unpatched
Unpatched
Published
Nov 11, 2024
Nov 11, 2024
Affected Software
Matix Popup Builder
Matix Popup Builder
Researcher
CVE-ID
CVE-2024-11028
CVE-2024-11028
Patch Status
Patched
Patched
Published
Nov 12, 2024
Nov 12, 2024
Affected Software
MultiManager WP – Manage All Your WordPress Sites Easily
MultiManager WP – Manage All Your WordPress Sites Easily
Researcher
CVE-ID
CVE-2024-52433
CVE-2024-52433
Patch Status
Unpatched
Unpatched
Published
Nov 15, 2024
Nov 15, 2024
Affected Software
My Geo Posts Free
My Geo Posts Free
Researcher
CVE-ID
CVE-2024-52432
CVE-2024-52432
Patch Status
Unpatched
Unpatched
Published
Nov 15, 2024
Nov 15, 2024
Affected Software
NIX Anti-Spam Light
NIX Anti-Spam Light
Researcher
CVE-ID
CVE-2024-52380
CVE-2024-52380
Patch Status
Unpatched
Unpatched
Published
Nov 11, 2024
Nov 11, 2024
Affected Software
Picsmize
Picsmize
Researcher
CVE-ID
CVE-2024-10924
CVE-2024-10924
Patch Status
Patched
Patched
Published
Nov 14, 2024
Nov 14, 2024
CVE-ID
CVE-2024-52410
CVE-2024-52410
Patch Status
Unpatched
Unpatched
Published
Nov 13, 2024
Nov 13, 2024
Affected Software
Referrer Detector
Referrer Detector
Researcher
CVE-ID
CVE-2024-10245
CVE-2024-10245
Patch Status
Unpatched
Unpatched
Published
Nov 11, 2024
Nov 11, 2024
Affected Software
Relais 2FA
Relais 2FA
Researcher
CVE-ID
CVE-2024-52414
CVE-2024-52414
Patch Status
Unpatched
Unpatched
Published
Nov 13, 2024
Nov 13, 2024
Affected Software
WDES Responsive Mobile Menu
WDES Responsive Mobile Menu
Researcher
CVE-ID
CVE-2024-10820
CVE-2024-10820
Patch Status
Patched
Patched
Published
Nov 12, 2024
Nov 12, 2024
Affected Software
WooCommerce Upload Files
WooCommerce Upload Files
Researcher
CVE-ID
CVE-2024-11150
CVE-2024-11150
Patch Status
Patched
Patched
Published
Nov 12, 2024
Nov 12, 2024
Affected Software
WordPress User Extra Fields
WordPress User Extra Fields
Researcher
CVE-ID
CVE-2024-52381
CVE-2024-52381
Patch Status
Unpatched
Unpatched
Published
Nov 11, 2024
Nov 11, 2024
Affected Software
ZIJ KART
ZIJ KART
Researcher
CVE-ID
CVE-2024-52371
CVE-2024-52371
Patch Status
Unpatched
Unpatched
Published
Nov 11, 2024
Nov 11, 2024
Affected Software
Global Gateway e4 | Payeezy Gateway |
Global Gateway e4 | Payeezy Gateway |
Researcher
CVE-ID
CVE-2024-52434
CVE-2024-52434
Patch Status
Unpatched
Unpatched
Published
Nov 15, 2024
Nov 15, 2024
Affected Software
Popup by Supsystic
Popup by Supsystic
Researcher
CVE-ID
CVE-2024-52405
CVE-2024-52405
Patch Status
Unpatched
Unpatched
Published
Nov 13, 2024
Nov 13, 2024
Affected Software
B-Banner Slider
B-Banner Slider
Researcher
CVE-ID
CVE-2024-52407
CVE-2024-52407
Patch Status
Unpatched
Unpatched
Published
Nov 13, 2024
Nov 13, 2024
Affected Software
WordPress BasePress Migration Tools
WordPress BasePress Migration Tools
Researcher
CVE-ID
CVE-2024-52404
CVE-2024-52404
Patch Status
Unpatched
Unpatched
Published
Nov 13, 2024
Nov 13, 2024
Affected Software
CF7 Reply Manager
CF7 Reply Manager
Researcher
CVE-ID
CVE-2024-52386
CVE-2024-52386
Patch Status
Unpatched
Unpatched
Published
Nov 11, 2024
Nov 11, 2024
Affected Software
Classified Listing – Classified ads & Business Directory Plugin
Classified Listing – Classified ads & Business Directory Plugin
Researcher
CVE-ID
CVE-2024-52397
CVE-2024-52397
Patch Status
Unpatched
Unpatched
Published
Nov 13, 2024
Nov 13, 2024
Affected Software
Convert Docx2post
Convert Docx2post
Researcher
CVE-ID
CVE-2024-52427
CVE-2024-52427
Patch Status
Patched
Patched
Published
Nov 15, 2024
Nov 15, 2024
Affected Software
Event Tickets with Ticket Scanner
Event Tickets with Ticket Scanner
Researcher
Exclusive Content Password Protect <= 1.1.0 - Cross-Site Request Forgery to Arbitrary File Upload
8.8
CVE-ID
CVE-2024-52402
CVE-2024-52402
Patch Status
Unpatched
Unpatched
Published
Nov 13, 2024
Nov 13, 2024
Affected Software
Exclusive Content Password Protect
Exclusive Content Password Protect
Researcher
CVE-ID
CVE-2024-10629
CVE-2024-10629
Patch Status
Patched
Patched
Published
Nov 12, 2024
Nov 12, 2024
Affected Software
GPX Viewer
GPX Viewer
Researcher
CVE-ID
CVE-2024-52401
CVE-2024-52401
Patch Status
Unpatched
Unpatched
Published
Nov 13, 2024
Nov 13, 2024
Affected Software
Hacklog DownloadManager
Hacklog DownloadManager
Researcher
CVE-ID
CVE-2024-52370
CVE-2024-52370
Patch Status
Patched
Patched
Published
Nov 11, 2024
Nov 11, 2024
Researcher
CVE-ID
CVE-2024-52369
CVE-2024-52369
Patch Status
Unpatched
Unpatched
Published
Nov 11, 2024
Nov 11, 2024
Affected Software
KBucket: Your Curated Content in WordPress
KBucket: Your Curated Content in WordPress
Researcher
CVE-ID
CVE-2024-10962
CVE-2024-10962
Patch Status
Patched
Patched
Published
Nov 13, 2024
Nov 13, 2024
Affected Software
Migration, Backup, Staging – WPvivid Backup & Migration
Migration, Backup, Staging – WPvivid Backup & Migration
Researcher
CVE-ID
CVE-2024-10728
CVE-2024-10728
Patch Status
Patched
Patched
Published
Nov 15, 2024
Nov 15, 2024
Affected Software
Post Grid Gutenberg Blocks and WordPress Blog Plugin – PostX
Post Grid Gutenberg Blocks and WordPress Blog Plugin – PostX
Researcher
CVE-ID
CVE-2024-52408
CVE-2024-52408
Patch Status
Unpatched
Unpatched
Published
Nov 13, 2024
Nov 13, 2024
Affected Software
Push Notifications for WordPress by PushAssist
Push Notifications for WordPress by PushAssist
Researcher
CVE-ID
CVE-2024-9849
CVE-2024-9849
Patch Status
Patched
Patched
Published
Nov 15, 2024
Nov 15, 2024
Affected Software
Real3D Flipbook Lite – 3D FlipBook, PDF Viewer, PDF Embedder
Real3D Flipbook Lite – 3D FlipBook, PDF Viewer, PDF Embedder
Researcher
CVE-ID
CVE-2024-52384
CVE-2024-52384
Patch Status
Unpatched
Unpatched
Published
Nov 11, 2024
Nov 11, 2024
Affected Software
Sage AI: Chatbots, OpenAI GPT-4 Bulk Articles, Dalle-3 Image Generation
Sage AI: Chatbots, OpenAI GPT-4 Bulk Articles, Dalle-3 Image Generation
Researcher
CVE-ID
CVE-2024-52415
CVE-2024-52415
Patch Status
Unpatched
Unpatched
Published
Nov 13, 2024
Nov 13, 2024
Affected Software
SK WP Settings Backup
SK WP Settings Backup
Researcher
CVE-ID
CVE-2024-52403
CVE-2024-52403
Patch Status
Unpatched
Unpatched
Published
Nov 13, 2024
Nov 13, 2024
Affected Software
User Management
User Management
Researcher
CVE-ID
CVE-2024-10800
CVE-2024-10800
Patch Status
Patched
Patched
Published
Nov 12, 2024
Nov 12, 2024
Affected Software
WordPress User Extra Fields
WordPress User Extra Fields
Researcher
CVE-ID
CVE-2024-52429
CVE-2024-52429
Patch Status
Unpatched
Unpatched
Published
Nov 15, 2024
Nov 15, 2024
Affected Software
WP Quick Setup
WP Quick Setup
Researcher
WP Video Robot <= 1.20.0 - Authenticated (Subscriber+) Privilege Escalation via User Meta Update
8.8
CVE-ID
CVE-2024-9192
CVE-2024-9192
Patch Status
Unpatched
Unpatched
Published
Nov 15, 2024
Nov 15, 2024
Affected Software
WordPress Video Robot - The Ultimate Video Importer
WordPress Video Robot - The Ultimate Video Importer
Researcher
CVE-ID
CVE-2024-52399
CVE-2024-52399
Patch Status
Unpatched
Unpatched
Published
Nov 13, 2024
Nov 13, 2024
Affected Software
Writer Helper
Writer Helper
Researcher
CVE-ID
CVE-2024-10828
CVE-2024-10828
Patch Status
Patched
Patched
Published
Nov 12, 2024
Nov 12, 2024
Affected Software
Advanced Order Export For WooCommerce
Advanced Order Export For WooCommerce
Researcher
CVE-ID
CVE-2024-8979
CVE-2024-8979
Patch Status
Patched
Patched
Published
Nov 14, 2024
Nov 14, 2024
Affected Software
Essential Addons for Elementor – Best Elementor Addon, Templates, Widgets, Kits & WooCommerce Builders
Essential Addons for Elementor – Best Elementor Addon, Templates, Widgets, Kits & WooCommerce Builders
Researcher
CVE-ID
CVE-2024-10645
CVE-2024-10645
Patch Status
Unpatched
Unpatched
Published
Nov 15, 2024
Nov 15, 2024
Affected Software
Blogger 301 Redirect
Blogger 301 Redirect
Researcher
CVE-ID
CVE-2024-52378
CVE-2024-52378
Patch Status
Unpatched
Unpatched
Published
Nov 11, 2024
Nov 11, 2024
Affected Software
DigiPass
DigiPass
Researcher
CVE-ID
CVE-2024-10311
CVE-2024-10311
Patch Status
Unpatched
Unpatched
Published
Nov 14, 2024
Nov 14, 2024
Affected Software
External Database Based Actions
External Database Based Actions
Researcher
CVE-ID
CVE-2024-10816
CVE-2024-10816
Patch Status
Patched
Patched
Published
Nov 12, 2024
Nov 12, 2024
Affected Software
LUNA RADIO PLAYER
LUNA RADIO PLAYER
Researcher
PDF Generator Addon for Elementor Page Builder <= 1.7.5 - Unauthenticated Arbitrary File Download
7.5
CVE-ID
CVE-2024-9935
CVE-2024-9935
Patch Status
Unpatched
Unpatched
Published
Nov 15, 2024
Nov 15, 2024
Affected Software
PDF Generator Addon for Elementor Page Builder
PDF Generator Addon for Elementor Page Builder
Researcher
CVE-ID
CVE-2024-52431
CVE-2024-52431
Patch Status
Unpatched
Unpatched
Published
Nov 15, 2024
Nov 15, 2024
Affected Software
WordPress Video Robot - The Ultimate Video Importer
WordPress Video Robot - The Ultimate Video Importer
Researcher
CVE-ID
Unknown
Unknown
Patch Status
Unpatched
Unpatched
Published
Nov 12, 2024
Nov 12, 2024
Affected Software
Twigify
Twigify
Researcher
CVE-ID
CVE-2024-9839
CVE-2024-9839
Patch Status
Unpatched
Unpatched
Published
Nov 15, 2024
Nov 15, 2024
Affected Software
Uix Slideshow
Uix Slideshow
Researcher
CVE-ID
CVE-2024-10174
CVE-2024-10174
Patch Status
Patched
Patched
Published
Nov 12, 2024
Nov 12, 2024
Affected Software
WP Project Manager – Task, team, and project management plugin featuring kanban board and gantt charts
WP Project Manager – Task, team, and project management plugin featuring kanban board and gantt charts
Researcher
CVE-ID
CVE-2024-52398
CVE-2024-52398
Patch Status
Patched
Patched
Published
Nov 13, 2024
Nov 13, 2024
Affected Software
CDI – Collect and Deliver Interface for Woocommerce
CDI – Collect and Deliver Interface for Woocommerce
Researcher
CVE-ID
CVE-2024-9887
CVE-2024-9887
Patch Status
Patched
Patched
Published
Nov 15, 2024
Nov 15, 2024
Affected Software
Login using WordPress Users ( WP as SAML IDP )
Login using WordPress Users ( WP as SAML IDP )
Researcher
CVE-ID
CVE-2024-52393
CVE-2024-52393
Patch Status
Patched
Patched
Published
Nov 11, 2024
Nov 11, 2024
Affected Software
Podlove Podcast Publisher
Podlove Podcast Publisher
Researcher
CVE-ID
CVE-2024-52385
CVE-2024-52385
Patch Status
Unpatched
Unpatched
Published
Nov 11, 2024
Nov 11, 2024
Affected Software
Team Member – Multi Language Supported Team Plugin
Team Member – Multi Language Supported Team Plugin
Researcher
CVE-ID
CVE-2024-10260
CVE-2024-10260
Patch Status
Unpatched
Unpatched
Published
Nov 14, 2024
Nov 14, 2024
Researcher
CVE-ID
CVE-2024-10388
CVE-2024-10388
Patch Status
Patched
Patched
Published
Nov 17, 2024
Nov 17, 2024
Affected Software
WordPress GDPR
WordPress GDPR
Researcher
CVE-ID
CVE-2024-10793
CVE-2024-10793
Patch Status
Patched
Patched
Published
Nov 14, 2024
Nov 14, 2024
Affected Software
WP Activity Log
WP Activity Log
Researcher
CVE-ID
CVE-2024-10717
CVE-2024-10717
Patch Status
Unpatched
Unpatched
Published
Nov 12, 2024
Nov 12, 2024
Affected Software
Styler for Ninja Forms
Styler for Ninja Forms
Researcher
CVE-ID
CVE-2024-11069
CVE-2024-11069
Patch Status
Patched
Patched
Published
Nov 17, 2024
Nov 17, 2024
Affected Software
WordPress GDPR
WordPress GDPR
Researcher
Aqua SVG Sprite <= 3.0.14 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload
6.4
CVE-ID
CVE-2024-9426
CVE-2024-9426
Patch Status
Unpatched
Unpatched
Published
Nov 12, 2024
Nov 12, 2024
Affected Software
Aqua SVG Sprite
Aqua SVG Sprite
Researcher
CVE-ID
CVE-2024-10015
CVE-2024-10015
Patch Status
Patched
Patched
Published
Nov 15, 2024
Nov 15, 2024
Affected Software
ConvertCalculator for WordPress
ConvertCalculator for WordPress
Researcher
CVE-ID
CVE-2024-52419
CVE-2024-52419
Patch Status
Unpatched
Unpatched
Published
Nov 13, 2024
Nov 13, 2024
Affected Software
Copy Anything to Clipboard
Copy Anything to Clipboard
Researcher
Drozd – Addons for Elementor <= 1.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
6.4
CVE-ID
CVE-2024-52425
CVE-2024-52425
Patch Status
Unpatched
Unpatched
Published
Nov 13, 2024
Nov 13, 2024
Affected Software
Drozd – Addons for Elementor
Drozd – Addons for Elementor
Researcher
CVE-ID
CVE-2024-8961
CVE-2024-8961
Patch Status
Patched
Patched
Published
Nov 14, 2024
Nov 14, 2024
Affected Software
Essential Addons for Elementor – Best Elementor Addon, Templates, Widgets, Kits & WooCommerce Builders
Essential Addons for Elementor – Best Elementor Addon, Templates, Widgets, Kits & WooCommerce Builders
Researcher
CVE-ID
CVE-2024-9386
CVE-2024-9386
Patch Status
Unpatched
Unpatched
Published
Nov 15, 2024
Nov 15, 2024
Affected Software
Exclusive Divi – Divi Preloader, Modules for Divi & Extra Theme
Exclusive Divi – Divi Preloader, Modules for Divi & Extra Theme
Researcher
CVE-ID
CVE-2024-10538
CVE-2024-10538
Patch Status
Patched
Patched
Published
Nov 11, 2024
Nov 11, 2024
Affected Software
Happy Addons for Elementor
Happy Addons for Elementor
Researcher
CVE-ID
CVE-2024-10323
CVE-2024-10323
Patch Status
Patched
Patched
Published
Nov 11, 2024
Nov 11, 2024
Affected Software
JetWidgets For Elementor
JetWidgets For Elementor
Researcher
CVE-ID
CVE-2024-52426
CVE-2024-52426
Patch Status
Unpatched
Unpatched
Published
Nov 13, 2024
Nov 13, 2024
Affected Software
Linear
Linear
Researcher
CVE-ID
CVE-2024-10592
CVE-2024-10592
Patch Status
Patched
Patched
Published
Nov 15, 2024
Nov 15, 2024
Affected Software
Mapster WP Maps
Mapster WP Maps
Researcher
CVE-ID
CVE-2024-52387
CVE-2024-52387
Patch Status
Unpatched
Unpatched
Published
Nov 11, 2024
Nov 11, 2024
Affected Software
Master Addons – Elementor Addons with White Label, Free Widgets, Hover Effects, Conditions, & Animations
Master Addons – Elementor Addons with White Label, Free Widgets, Hover Effects, Conditions, & Animations
Researcher
CVE-ID
CVE-2024-10887
CVE-2024-10887
Patch Status
Unpatched
Unpatched
Published
Nov 12, 2024
Nov 12, 2024
Affected Software
NiceJob
NiceJob
Researcher
PJW Mime Config <= 1.0 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload
6.4
CVE-ID
CVE-2024-10017
CVE-2024-10017
Patch Status
Unpatched
Unpatched
Published
Nov 15, 2024
Nov 15, 2024
Affected Software
PJW Mime Config
PJW Mime Config
Researcher
CVE-ID
CVE-2024-52394
CVE-2024-52394
Patch Status
Patched
Patched
Published
Nov 11, 2024
Nov 11, 2024
Affected Software
Print PDF Generator and Publisher
Print PDF Generator and Publisher
Researcher
CVE-ID
CVE-2024-9059
CVE-2024-9059
Patch Status
Patched
Patched
Published
Nov 12, 2024
Nov 12, 2024
Affected Software
Royal Elementor Addons and Templates
Royal Elementor Addons and Templates
Researcher
CVE-ID
CVE-2024-9682
CVE-2024-9682
Patch Status
Patched
Patched
Published
Nov 12, 2024
Nov 12, 2024
Affected Software
Royal Elementor Addons and Templates
Royal Elementor Addons and Templates
Researcher
CVE-ID
CVE-2024-9668
CVE-2024-9668
Patch Status
Patched
Patched
Published
Nov 12, 2024
Nov 12, 2024
Affected Software
Royal Elementor Addons and Templates
Royal Elementor Addons and Templates
Researcher
CVE-ID
CVE-2024-51899
CVE-2024-51899
Patch Status
Unpatched
Unpatched
Published
Nov 14, 2024
Nov 14, 2024
Affected Software
Simple Pricing Table
Simple Pricing Table
Researcher
CVE-ID
CVE-2024-10179
CVE-2024-10179
Patch Status
Patched
Patched
Published
Nov 11, 2024
Nov 11, 2024
Affected Software
Slickstream: Engagement and Conversions
Slickstream: Engagement and Conversions
Researcher
CVE-ID
CVE-2024-8985
CVE-2024-8985
Patch Status
Unpatched
Unpatched
Published
Nov 12, 2024
Nov 12, 2024
Affected Software
Social Proof (Testimonial) Slider
Social Proof (Testimonial) Slider
Researcher
CVE-ID
CVE-2024-10147
CVE-2024-10147
Patch Status
Unpatched
Unpatched
Published
Nov 15, 2024
Nov 15, 2024
Affected Software
Steel
Steel
Researcher
CVE-ID
CVE-2024-9850
CVE-2024-9850
Patch Status
Unpatched
Unpatched
Published
Nov 15, 2024
Nov 15, 2024
Affected Software
SVG Case Study
SVG Case Study
Researcher
CVE-ID
CVE-2024-11092
CVE-2024-11092
Patch Status
Unpatched
Unpatched
Published
Nov 15, 2024
Nov 15, 2024
Affected Software
SVGPlus
SVGPlus
Researcher
CVE-ID
CVE-2024-52423
CVE-2024-52423
Patch Status
Unpatched
Unpatched
Published
Nov 13, 2024
Nov 13, 2024
Affected Software
Themify Builder
Themify Builder
Researcher
CVE-ID
CVE-2024-10113
CVE-2024-10113
Patch Status
Unpatched
Unpatched
Published
Nov 14, 2024
Nov 14, 2024
Affected Software
WP AdCenter – Ad Manager & Adsense Ads
WP AdCenter – Ad Manager & Adsense Ads
Researcher
CVE-ID
CVE-2024-52422
CVE-2024-52422
Patch Status
Unpatched
Unpatched
Published
Nov 13, 2024
Nov 13, 2024
Affected Software
WP Githuber MD – WordPress Markdown Editor
WP Githuber MD – WordPress Markdown Editor
Researcher
CVE-ID
CVE-2024-52389
CVE-2024-52389
Patch Status
Patched
Patched
Published
Nov 11, 2024
Nov 11, 2024
Researcher
CVE-ID
CVE-2024-10262
CVE-2024-10262
Patch Status
Unpatched
Unpatched
Published
Nov 15, 2024
Nov 15, 2024
Affected Software
Drop Shadow Boxes
Drop Shadow Boxes
Researcher
CVE-ID
CVE-2024-10877
CVE-2024-10877
Patch Status
Patched
Patched
Published
Nov 12, 2024
Nov 12, 2024
Affected Software
AFI – The Easiest Integration Plugin
AFI – The Easiest Integration Plugin
Researcher
CVE-ID
CVE-2024-8874
CVE-2024-8874
Patch Status
Unpatched
Unpatched
Published
Nov 12, 2024
Nov 12, 2024
Affected Software
AJAX Login and Registration modal popup + inline form
AJAX Login and Registration modal popup + inline form
Researcher
CVE-ID
CVE-2024-9938
CVE-2024-9938
Patch Status
Unpatched
Unpatched
Published
Nov 15, 2024
Nov 15, 2024
Affected Software
Bounce Handler MailPoet 3
Bounce Handler MailPoet 3
Researcher
CVE-ID
CVE-2024-9614
CVE-2024-9614
Patch Status
Unpatched
Unpatched
Published
Nov 12, 2024
Nov 12, 2024
Affected Software
Constant Contact Forms by MailMunch
Constant Contact Forms by MailMunch
Researcher
CVE-ID
CVE-2024-10685
CVE-2024-10685
Patch Status
Patched
Patched
Published
Nov 11, 2024
Nov 11, 2024
Affected Software
Contact Form 7 Redirect & Thank You Page
Contact Form 7 Redirect & Thank You Page
Researcher
CVE-ID
CVE-2024-10577
CVE-2024-10577
Patch Status
Patched
Patched
Published
Nov 12, 2024
Nov 12, 2024
Affected Software
胖鼠采集(Fat Rat Collect) 微信知乎简书腾讯新闻列表分页采集, 还有自动采集、自动发布、自动标签、等多项功能。开源插件
胖鼠采集(Fat Rat Collect) 微信知乎简书腾讯新闻列表分页采集, 还有自动采集、自动发布、自动标签、等多项功能。开源插件
Researcher
CVE-ID
CVE-2024-10875
CVE-2024-10875
Patch Status
Unpatched
Unpatched
Published
Nov 15, 2024
Nov 15, 2024
Affected Software
Gallery Manager
Gallery Manager
Researcher
CVE-ID
CVE-2024-52418
CVE-2024-52418
Patch Status
Unpatched
Unpatched
Published
Nov 13, 2024
Nov 13, 2024
Affected Software
Gameplan - Event and Gym Fitness WordPress Theme
Gameplan - Event and Gym Fitness WordPress Theme
Researcher
CVE-ID
CVE-2024-52388
CVE-2024-52388
Patch Status
Patched
Patched
Published
Nov 11, 2024
Nov 11, 2024
Affected Software
Hebrew Dates
Hebrew Dates
Researcher
CVE-ID
CVE-2024-10825
CVE-2024-10825
Patch Status
Patched
Patched
Published
Nov 14, 2024
Nov 14, 2024
Affected Software
Hide My WP Ghost – Security & Firewall
Hide My WP Ghost – Security & Firewall
Researcher
CVE-ID
CVE-2024-10684
CVE-2024-10684
Patch Status
Patched
Patched
Published
Nov 12, 2024
Nov 12, 2024
Affected Software
Kognetiks Chatbot for WordPress
Kognetiks Chatbot for WordPress
Researcher
CVE-ID
CVE-2024-9609
CVE-2024-9609
Patch Status
Patched
Patched
Published
Nov 14, 2024
Nov 14, 2024
Affected Software
LearnPress Export Import – WordPress extension for LearnPress
LearnPress Export Import – WordPress extension for LearnPress
Researcher
CVE-ID
CVE-2024-8873
CVE-2024-8873
Patch Status
Unpatched
Unpatched
Published
Nov 15, 2024
Nov 15, 2024
Affected Software
PeproDev WooCommerce Receipt Uploader
PeproDev WooCommerce Receipt Uploader
Researcher
CVE-ID
CVE-2024-10882
CVE-2024-10882
Patch Status
Patched
Patched
Published
Nov 12, 2024
Nov 12, 2024
Affected Software
Product Delivery Date for WooCommerce – Lite
Product Delivery Date for WooCommerce – Lite
Researcher
CVE-ID
CVE-2024-10851
CVE-2024-10851
Patch Status
Patched
Patched
Published
Nov 12, 2024
Nov 12, 2024
Affected Software
Razorpay Payment Button Plugin
Razorpay Payment Button Plugin
Researcher
CVE-ID
CVE-2024-10850
CVE-2024-10850
Patch Status
Patched
Patched
Published
Nov 12, 2024
Nov 12, 2024
Affected Software
Razorpay Payment Button Elementor Plugin
Razorpay Payment Button Elementor Plugin
Researcher
CVE-ID
CVE-2024-52417
CVE-2024-52417
Patch Status
Unpatched
Unpatched
Published
Nov 13, 2024
Nov 13, 2024
Affected Software
reconstruction
reconstruction
Researcher
CVE-ID
CVE-2024-10883
CVE-2024-10883
Patch Status
Unpatched
Unpatched
Published
Nov 15, 2024
Nov 15, 2024
Affected Software
SimpleForm – Contact form made simple
SimpleForm – Contact form made simple
Researcher
CVE-ID
CVE-2024-10884
CVE-2024-10884
Patch Status
Unpatched
Unpatched
Published
Nov 15, 2024
Nov 15, 2024
Affected Software
SimpleForm Contact Form Submissions
SimpleForm Contact Form Submissions
Researcher
CVE-ID
CVE-2024-52424
CVE-2024-52424
Patch Status
Unpatched
Unpatched
Published
Nov 13, 2024
Nov 13, 2024
Affected Software
wp-login customizer
wp-login customizer
Researcher
CVE-ID
CVE-2024-9357
CVE-2024-9357
Patch Status
Patched
Patched
Published
Nov 11, 2024
Nov 11, 2024
Affected Software
xili-tidy-tags
xili-tidy-tags
Researcher
CVE-ID
CVE-2024-9356
CVE-2024-9356
Patch Status
Patched
Patched
Published
Nov 14, 2024
Nov 14, 2024
Affected Software
Yotpo: Product & Photo Reviews for WooCommerce
Yotpo: Product & Photo Reviews for WooCommerce
Researcher
CVE-ID
CVE-2024-8978
CVE-2024-8978
Patch Status
Patched
Patched
Published
Nov 14, 2024
Nov 14, 2024
Affected Software
Essential Addons for Elementor – Best Elementor Addon, Templates, Widgets, Kits & WooCommerce Builders
Essential Addons for Elementor – Best Elementor Addon, Templates, Widgets, Kits & WooCommerce Builders
Researcher
CVE-ID
CVE-2024-10790
CVE-2024-10790
Patch Status
Patched
Patched
Published
Nov 11, 2024
Nov 11, 2024
Affected Software
Admin and Site Enhancements (ASE)
Admin and Site Enhancements (ASE)
Researcher
CVE-ID
CVE-2024-11085
CVE-2024-11085
Patch Status
Unpatched
Unpatched
Published
Nov 15, 2024
Nov 15, 2024
Affected Software
WP Log Viewer
WP Log Viewer
Researchers
CVE-ID
CVE-2024-11118
CVE-2024-11118
Patch Status
Unpatched
Unpatched
Published
Nov 15, 2024
Nov 15, 2024
Affected Software
404 Error Monitor
404 Error Monitor
Researcher
CVE-ID
CVE-2024-11094
CVE-2024-11094
Patch Status
Patched
Patched
Published
Nov 15, 2024
Nov 15, 2024
Affected Software
404 Solution
404 Solution
Researcher
CVE-ID
CVE-2024-52383
CVE-2024-52383
Patch Status
Patched
Patched
Published
Nov 11, 2024
Nov 11, 2024
Researcher
CVE-ID
CVE-2024-52395
CVE-2024-52395
Patch Status
Patched
Patched
Published
Nov 11, 2024
Nov 11, 2024
Affected Software
Floating Buttons for WooCommerce
Floating Buttons for WooCommerce
Researcher
CVE-ID
CVE-2024-10802
CVE-2024-10802
Patch Status
Patched
Patched
Published
Nov 12, 2024
Nov 12, 2024
Affected Software
Hash Elements
Hash Elements
Researcher
CVE-ID
CVE-2024-9578
CVE-2024-9578
Patch Status
Unpatched
Unpatched
Published
Nov 12, 2024
Nov 12, 2024
Affected Software
Hide Links
Hide Links
Researcher
CVE-ID
CVE-2024-10529
CVE-2024-10529
Patch Status
Patched
Patched
Published
Nov 12, 2024
Nov 12, 2024
Affected Software
Kognetiks Chatbot for WordPress
Kognetiks Chatbot for WordPress
Researcher
CVE-ID
CVE-2024-10531
CVE-2024-10531
Patch Status
Patched
Patched
Published
Nov 12, 2024
Nov 12, 2024
Affected Software
Kognetiks Chatbot for WordPress
Kognetiks Chatbot for WordPress
Researcher
CVE-ID
CVE-2024-52391
CVE-2024-52391
Patch Status
Patched
Patched
Published
Nov 11, 2024
Nov 11, 2024
Affected Software
Pie Register Premium
Pie Register Premium
Researcher
CVE-ID
CVE-2024-10861
CVE-2024-10861
Patch Status
Patched
Patched
Published
Nov 15, 2024
Nov 15, 2024
Affected Software
Popup Box – Create Countdown, Coupon, Video, Contact Form Popups
Popup Box – Create Countdown, Coupon, Video, Contact Form Popups
Researcher
CVE-ID
CVE-2024-52390
CVE-2024-52390
Patch Status
Patched
Patched
Published
Nov 11, 2024
Nov 11, 2024
Affected Software
CYAN Backup
CYAN Backup
Researcher
CVE-ID
CVE-2024-52436
CVE-2024-52436
Patch Status
Unpatched
Unpatched
Published
Nov 15, 2024
Nov 15, 2024
CVE-ID
CVE-2024-52435
CVE-2024-52435
Patch Status
Unpatched
Unpatched
Published
Nov 15, 2024
Nov 15, 2024
Affected Software
Premium Packages – Sell Digital Products Securely
Premium Packages – Sell Digital Products Securely
Researcher
CVE-ID
CVE-2024-10551
CVE-2024-10551
Patch Status
Patched
Patched
Published
Nov 16, 2024
Nov 16, 2024
Affected Software
Simple Side Tab
Simple Side Tab
Researcher
Boostify Header Footer Builder for Elementor <= 1.3.6 - Authenticated (Contributor+) Post Disclosure
4.3
CVE-ID
CVE-2024-10794
CVE-2024-10794
Patch Status
Patched
Patched
Published
Nov 12, 2024
Nov 12, 2024
Affected Software
Boostify Header Footer Builder for Elementor
Boostify Header Footer Builder for Elementor
Researcher
CVE-ID
CVE-2024-10778
CVE-2024-10778
Patch Status
Patched
Patched
Published
Nov 12, 2024
Nov 12, 2024
Affected Software
BuddyPress Builder for Elementor – BuddyBuilder
BuddyPress Builder for Elementor – BuddyBuilder
Researcher
CVE-ID
CVE-2024-10853
CVE-2024-10853
Patch Status
Unpatched
Unpatched
Published
Nov 12, 2024
Nov 12, 2024
Affected Software
Buy one click WooCommerce
Buy one click WooCommerce
Researcher
CVE-ID
CVE-2024-10852
CVE-2024-10852
Patch Status
Unpatched
Unpatched
Published
Nov 12, 2024
Nov 12, 2024
Affected Software
Buy one click WooCommerce
Buy one click WooCommerce
Researcher
CVE-ID
CVE-2024-10854
CVE-2024-10854
Patch Status
Unpatched
Unpatched
Published
Nov 12, 2024
Nov 12, 2024
Affected Software
Buy one click WooCommerce
Buy one click WooCommerce
Researcher
CVE-ID
CVE-2024-10614
CVE-2024-10614
Patch Status
Patched
Patched
Published
Nov 15, 2024
Nov 15, 2024
Affected Software
Customer Reviews for WooCommerce
Customer Reviews for WooCommerce
Researcher
CVE-ID
CVE-2024-52420
CVE-2024-52420
Patch Status
Unpatched
Unpatched
Published
Nov 13, 2024
Nov 13, 2024
Affected Software
Disable Admin Notices individually
Disable Admin Notices individually
Researcher
CVE-ID
CVE-2024-6628
CVE-2024-6628
Patch Status
Unpatched
Unpatched
Published
Nov 15, 2024
Nov 15, 2024
Affected Software
EleForms – All In One Form Integration including DB for Elementor
EleForms – All In One Form Integration including DB for Elementor
Researcher
CVE-ID
CVE-2024-10695
CVE-2024-10695
Patch Status
Patched
Patched
Published
Nov 11, 2024
Nov 11, 2024
Affected Software
Futurio Extra
Futurio Extra
Researcher
CVE-ID
CVE-2024-10530
CVE-2024-10530
Patch Status
Patched
Patched
Published
Nov 12, 2024
Nov 12, 2024
Affected Software
Kognetiks Chatbot for WordPress
Kognetiks Chatbot for WordPress
Researcher
CVE-ID
CVE-2024-11143
CVE-2024-11143
Patch Status
Patched
Patched
Published
Nov 12, 2024
Nov 12, 2024
Affected Software
Kognetiks Chatbot for WordPress
Kognetiks Chatbot for WordPress
Researcher
CVE-ID
CVE-2024-10582
CVE-2024-10582
Patch Status
Patched
Patched
Published
Nov 14, 2024
Nov 14, 2024
Affected Software
Music Player for Elementor – Audio Player & Podcast Player
Music Player for Elementor – Audio Player & Podcast Player
Researchers
CVE-ID
CVE-2024-10795
CVE-2024-10795
Patch Status
Patched
Patched
Published
Nov 15, 2024
Nov 15, 2024
Affected Software
Popularis Extra
Popularis Extra
Researcher
CVE-ID
CVE-2024-10786
CVE-2024-10786
Patch Status
Patched
Patched
Published
Nov 15, 2024
Nov 15, 2024
Affected Software
Simple Local Avatars
Simple Local Avatars
Researcher
CVE-ID
CVE-2024-10897
CVE-2024-10897
Patch Status
Patched
Patched
Published
Nov 14, 2024
Nov 14, 2024
Affected Software
Tutor LMS Elementor Addons
Tutor LMS Elementor Addons
Researcher
CVE-ID
CVE-2024-52392
CVE-2024-52392
Patch Status
Patched
Patched
Published
Nov 11, 2024
Nov 11, 2024
Affected Software
W3SPEEDSTER
W3SPEEDSTER
Researcher
CVE-ID
CVE-2024-10533
CVE-2024-10533
Patch Status
Patched
Patched
Published
Nov 15, 2024
Nov 15, 2024
Affected Software
WP Chat App
WP Chat App
Researcher
CVE-ID
CVE-2024-52421
CVE-2024-52421
Patch Status
Unpatched
Unpatched
Published
Nov 13, 2024
Nov 13, 2024
Affected Software
WP Popup Window Maker
WP Popup Window Maker
Researcher
CVE-ID
CVE-2024-10593
CVE-2024-10593
Patch Status
Patched
Patched
Published
Nov 12, 2024
Nov 12, 2024
Affected Software
WPForms – Easy Form Builder for WordPress – Contact Forms, Payment Forms, Surveys, & More
WPForms – Easy Form Builder for WordPress – Contact Forms, Payment Forms, Surveys, & More
Researcher
CVE-ID
CVE-2024-10672
CVE-2024-10672
Patch Status
Patched
Patched
Published
Nov 11, 2024
Nov 11, 2024
Affected Software
Multiple Page Generator Plugin – MPG
Multiple Page Generator Plugin – MPG
Researcher
CVE-ID
CVE-2024-52396
CVE-2024-52396
Patch Status
Patched
Patched
Published
Nov 11, 2024
Nov 11, 2024
Affected Software
WOLF – WordPress Posts Bulk Editor and Manager Professional
WOLF – WordPress Posts Bulk Editor and Manager Professional
Researcher
As a reminder, Wordfence has curated an industry leading vulnerability database with all known WordPress core, theme, and plugin vulnerabilities known as Wordfence Intelligence.
This database is continuously updated, maintained, and populated by Wordfence’s highly credentialed and experienced vulnerability researchers through in-house vulnerability research, vulnerability researchers submitting directly to us through our Bug Bounty Program, and by monitoring varying sources to capture all publicly available WordPress vulnerability information and adding additional context where we can.
Click here to sign-up for our mailing list to receive weekly vulnerability reports like this and important WordPress Security reports in your inbox the moment they are published.
Comments